Analysis
max time kernel: 291s
max time network: 298s
platform: windows11-21h2_x64
resource: win11-20240508-en
resource tags: arch:x64 arch:x86 image:win11-20240508-en locale:en-us os:windows11-21h2-x64 system
submitted: 08/06/2024, 14:07
Static task
static1
URLScan task
urlscan1
Behavioral task
behavioral1
Sample
https://winderbox.pl/
Resource
win11-20240508-en
General
-
Target
https://winderbox.pl/
Malware Config
Signatures
-
Downloads MZ/PE file
-
Executes dropped EXE 7 IoCs
pid Process
2456 DiscordSetup.exe
4504 Update.exe
4692 Discord.exe
2956 Discord.exe
1664 Update.exe
5208 Discord.exe
5192 Discord.exe
Loads dropped DLL 8 IoCs
pid Process
4692 Discord.exe
2956 Discord.exe
5208 Discord.exe
5192 Discord.exe
5192 Discord.exe
5192 Discord.exe
5192 Discord.exe
5192 Discord.exe
Reads local data of messenger clients 2 TTPs
Infostealers often target stored data of messaging applications, which can include saved credentials and account information.
-
Adds Run key to start application 2 TTPs 1 IoCs
description | ioc | Process
Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000\Software\Microsoft\Windows\CurrentVersion\Run\Discord = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\Update.exe\" --processStart Discord.exe" | reg.exe
Legitimate hosting services abused for malware hosting/C2 1 TTPs 4 IoCs
flow ioc
16 discord.com
87 discord.com
117 discord.com
199 discord.com
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Checks processor information in registry 2 TTPs 13 IoCs
Processor information is often read in order to detect sandboxing environments.
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | firefox.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | Discord.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | Discord.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\ProcessorNameString | Discord.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | firefox.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz | Discord.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1 | Discord.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\1\~MHz | Discord.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\2 | Discord.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | firefox.exe
Enumerates system info in registry 2 TTPs 3 IoCs
description | ioc | Process
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | msedge.exe
Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | msedge.exe
Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | msedge.exe
Modifies registry class 13 IoCs
description | ioc | Process
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings | firefox.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord | reg.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\URL Protocol | reg.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\DefaultIcon\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9148\\Discord.exe\",-1" | reg.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open\command | reg.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord | reg.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell | reg.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open | reg.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord | reg.exe
Key created | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\DefaultIcon | reg.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Discord\\app-1.0.9148\\Discord.exe\" --url -- \"%1\"" | reg.exe
Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2457560273-69882387-977367775-1000\{2C819885-52AA-42B7-8462-2AD95E93665B} | msedge.exe
Set value (str) | \REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Discord\ = "URL:Discord Protocol" | reg.exe
Modifies registry key 1 TTPs 5 IoCs
pid Process
5580 reg.exe
5620 reg.exe
5664 reg.exe
5708 reg.exe
5752 reg.exe
NTFS ADS 1 IoCs
description | ioc | Process
File created | C:\Users\Admin\Downloads\DiscordSetup.exe:Zone.Identifier | firefox.exe
Suspicious behavior: EnumeratesProcesses 24 IoCs
pid Process 3252 msedge.exe 3252 msedge.exe 1272 msedge.exe 1272 msedge.exe 4592 identity_helper.exe 4592 identity_helper.exe 3868 msedge.exe 3868 msedge.exe 2960 msedge.exe 2960 msedge.exe 5028 msedge.exe 5028 msedge.exe 5028 msedge.exe 5028 msedge.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe 4692 Discord.exe -
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 27 IoCs
pid Process 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe -
Suspicious use of AdjustPrivilegeToken 19 IoCs
description pid Process Token: SeDebugPrivilege 4788 firefox.exe Token: SeDebugPrivilege 4788 firefox.exe Token: SeDebugPrivilege 4504 Update.exe Token: SeDebugPrivilege 4504 Update.exe Token: SeDebugPrivilege 4504 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeDebugPrivilege 1664 Update.exe Token: SeShutdownPrivilege 4692 Discord.exe Token: SeCreatePagefilePrivilege 4692 Discord.exe Token: SeDebugPrivilege 4788 firefox.exe Token: SeDebugPrivilege 4788 firefox.exe Token: SeDebugPrivilege 4788 firefox.exe -
Suspicious use of FindShellTrayWindow 31 IoCs
pid Process 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 4788 firefox.exe 4788 firefox.exe 4788 firefox.exe 4788 firefox.exe 4504 Update.exe -
Suspicious use of SendNotifyMessage 15 IoCs
pid Process 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 1272 msedge.exe 4788 firefox.exe 4788 firefox.exe 4788 firefox.exe -
Suspicious use of SetWindowsHookEx 4 IoCs
pid Process 4788 firefox.exe 4788 firefox.exe 4788 firefox.exe 4788 firefox.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://winderbox.pl/ 1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1272 -
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ff808313cb8,0x7ff808313cc8,0x7ff808313cd82⤵PID:1224
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1804 /prefetch:22⤵PID:2012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2364 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
PID:3252
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2636 /prefetch:82⤵PID:5004
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3276 /prefetch:12⤵PID:2596
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3408 /prefetch:12⤵PID:2208
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5288 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:4592
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4068 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
PID:3868
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5408 /prefetch:12⤵PID:2896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:12⤵PID:8
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3288 /prefetch:12⤵PID:2408
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:12⤵PID:1812
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1640 /prefetch:12⤵PID:4776
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:12⤵PID:4772
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:12⤵PID:1788
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6120 /prefetch:82⤵PID:2896
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3300 /prefetch:82⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
PID:2960
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3460 /prefetch:12⤵PID:2480
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:12⤵PID:3360
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5036 /prefetch:12⤵PID:3068
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6024 /prefetch:12⤵PID:2956
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6632 /prefetch:12⤵PID:1704
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6592 /prefetch:12⤵PID:1064
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7156 /prefetch:12⤵PID:3576
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:12⤵PID:2344
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6232 /prefetch:12⤵PID:2116
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5748 /prefetch:12⤵PID:436
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6516 /prefetch:12⤵PID:2972
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7768 /prefetch:12⤵PID:2952
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6804 /prefetch:12⤵PID:4412
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5744 /prefetch:12⤵PID:780
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=32 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6760 /prefetch:12⤵PID:3600
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5568 /prefetch:12⤵PID:2060
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6708 /prefetch:12⤵PID:5012
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1724 /prefetch:12⤵PID:2260
-
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,1884250345636363160,11664722711710477193,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=7508 /prefetch:22⤵
- Suspicious behavior: EnumeratesProcesses
PID:5028
-
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:4748
-
C:\Windows\System32\CompPkgSrv.exe C:\Windows\System32\CompPkgSrv.exe -Embedding 1⤵ PID:5032
-
C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" 1⤵ PID:416
-
C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" 2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4788 -
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.0.977972016\662465409" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1744 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2670af6b-963d-4796-84fb-96dbdcba07f5} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 1844 18dfee0e858 gpu3⤵PID:1076
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.1.427345566\1705487509" -parentBuildID 20230214051806 -prefsHandle 2360 -prefMapHandle 2348 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bcf3c97b-6610-4275-a1ad-7367e9824fec} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2372 18df2185158 socket3⤵PID:2276
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.2.788514245\1981153371" -childID 1 -isForBrowser -prefsHandle 2732 -prefMapHandle 2748 -prefsLen 22148 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc8dcb56-fbe4-4f6d-962b-657ae11560dd} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 2724 18d81aeee58 tab3⤵PID:2492
-
-
C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.3.609404228\1603987739" -childID 2 -isForBrowser -prefsHandle 3580 -prefMapHandle 3576 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a399a6a-57fa-4c92-b7eb-3da14eb38f46} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 3592 18d84afcb58 tab3⤵PID:1532
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.4.1951567576\861683049" -childID 3 -isForBrowser -prefsHandle 5036 -prefMapHandle 5028 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {527f5c2c-7ae8-4c39-b8f5-aa23ecd3d948} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5048 18d86fcdb58 tab
3⤵ PID:3764
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.5.1987574149\1307553537" -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 5200 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c79b96a-d7e2-411e-9484-28cb84189a36} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5184 18df2140c58 tab
3⤵ PID:764
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.6.1618339925\1216412294" -childID 5 -isForBrowser -prefsHandle 5404 -prefMapHandle 5412 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0d8c2bd7-b23a-45d0-8040-fda2d5759555} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5364 18d870c5858 tab
3⤵ PID:3520
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.7.409273395\1101180882" -childID 6 -isForBrowser -prefsHandle 5764 -prefMapHandle 2940 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bc9ec7c8-4286-457d-81a6-ceb9b232b7ef} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5972 18d88d1f858 tab
3⤵ PID:1636
-
-
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4788.8.1578528333\1121416091" -childID 7 -isForBrowser -prefsHandle 5112 -prefMapHandle 5088 -prefsLen 27774 -prefMapSize 235121 -jsInitHandle 1192 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f3e95684-6e96-401c-bec1-b7e7cb48abae} 4788 "\\.\pipe\gecko-crash-server-pipe.4788" 5140 18d89858258 tab
3⤵ PID:1760
-
-
C:\Users\Admin\Downloads\DiscordSetup.exe
"C:\Users\Admin\Downloads\DiscordSetup.exe"
3⤵
- Executes dropped EXE
PID:2456 -
C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe
"C:\Users\Admin\AppData\Local\SquirrelTemp\Update.exe" --install .
4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:4504 -
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --squirrel-install 1.0.9148
5⤵
- Executes dropped EXE
- Loads dropped DLL
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4692 -
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe --type=crashpad-handler --user-data-dir=C:\Users\Admin\AppData\Roaming\discord /prefetch:7 --no-rate-limit --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\Admin\AppData\Roaming\discord\Crashpad --url=https://f.a.k/e --annotation=_productName=discord --annotation=_version=1.0.9148 --annotation=plat=Win64 --annotation=prod=Electron --annotation=ver=28.2.10 --initial-client-data=0x530,0x534,0x538,0x528,0x53c,0x7ff7d2d33108,0x7ff7d2d33114,0x7ff7d2d33120
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:2956
-
-
C:\Users\Admin\AppData\Local\Discord\Update.exe
C:\Users\Admin\AppData\Local\Discord\Update.exe --createShortcut Discord.exe --setupIcon C:\Users\Admin\AppData\Local\Discord\app.ico
6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1664
-
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=gpu-process --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2128 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:2
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5192
-
-
C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe
"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --user-data-dir="C:\Users\Admin\AppData\Roaming\discord" --secure-schemes=sentry-ipc --bypasscsp-schemes=sentry-ipc --cors-schemes=sentry-ipc --fetch-schemes=sentry-ipc --mojo-platform-channel-handle=2268 --field-trial-handle=2132,i,214290154321868244,9658345176766784016,262144 --enable-features=kWebSQLAccess --disable-features=CalculateNativeWinOcclusion,HardwareMediaKeyHandling,MediaSessionService,SpareRendererForSitePerProcess,WinDelaySpellcheckServiceInit,WinRetrieveSuggestionsOnlyOnDemand --variations-seed-version /prefetch:8
6⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5208
-
-
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /v Discord /d "\"C:\Users\Admin\AppData\Local\Discord\Update.exe\" --processStart Discord.exe" /f
6⤵
- Adds Run key to start application
- Modifies registry key
PID:5580
-
-
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /ve /d "URL:Discord Protocol" /f
6⤵
- Modifies registry class
- Modifies registry key
PID:5620
-
-
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord /v "URL Protocol" /f
6⤵
- Modifies registry class
- Modifies registry key
PID:5664
-
-
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\DefaultIcon /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\",-1" /f
6⤵
- Modifies registry class
- Modifies registry key
PID:5708
-
-
C:\Windows\System32\reg.exe
C:\Windows\System32\reg.exe add HKCU\Software\Classes\Discord\shell\open\command /ve /d "\"C:\Users\Admin\AppData\Local\Discord\app-1.0.9148\Discord.exe\" --url -- \"%1\"" /f
6⤵
- Modifies registry class
- Modifies registry key
PID:5752
-
Network
MITRE ATT&CK Enterprise v15
Downloads
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize 3KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp
Filesize 29KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263
Filesize 13KB
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\cache2\entries\F8CBD54DDA10F4286A41EC6A537240712D6C2308
Filesize 9KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize 997KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize 116B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize 479B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize 372B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize 11.8MB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize 1KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 3KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize 9KB