072ae063625482dc3918e8e5af3d03c39778fdd599dab11025f9e2e136ec7f06

Analysis

max time kernel
149s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
03-08-2024 21:34

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

DVResolve-RPC v1.0/DiscordRPC.dll
Size

82KB
MD5

c6115a08c8e50dac0194fb98d3edc9d2
SHA1

903da7fb7ad47b7ad8eb5984ed54a865f6148744
SHA256

4dd4d48e0681604e3a7a72b6eae42173421d0b806b1af8fa03b45d9999978499
SHA512

3e43f721cf7b1ab28a4ff771b4186c70523eb2bd236063111593453c08dc8a7cf3fffd6a15af72502e8b800a35fbc7a7bd4ebb5b8f5f41796ee62a7a4a96c324
SSDEEP

768:eZGfuhWbsoZkmJPTsERSrxWjOFB8ZZnwUMOpSJAT9wQtc3nIYH+nijpJRMnk56Ha:TWIbP3QxWjOQ5pYlPMkh+mTxtSNy

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133671945839256327"	chrome.exe
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe

Modifies registry class 1 IoCs

Processes:

firefox.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings firefox.exe
Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

4856 chrome.exe
4856 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 4 IoCs

Processes:

chrome.exe

pid process

4856 chrome.exe
4856 chrome.exe
4856 chrome.exe
4856 chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-656926755-4116854191-210765258-1000_Classes\Local Settings	firefox.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe
Token: SeShutdownPrivilege	4856	chrome.exe
Token: SeCreatePagefilePrivilege	4856	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

Processes:

chrome.exefirefox.exe

pid	process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe

Suspicious use of SendNotifyMessage 60 IoCs

Processes:

chrome.exefirefox.exe

pid	process
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4856	chrome.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe
4388	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

4388 firefox.exe

pid	process
4388	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 4856 wrote to memory of 2924	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2924	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 2800	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 4624	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 4624	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe
PID 4856 wrote to memory of 1288	4856	chrome.exe	chrome.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\DVResolve-RPC v1.0\DiscordRPC.dll",#1
1⤵
PID:4088

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ffee1b8cc40,0x7ffee1b8cc4c,0x7ffee1b8cc58
2⤵
PID:2924

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1948,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=1944 /prefetch:2
2⤵
PID:2800

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2208,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2272 /prefetch:3
2⤵
PID:4624

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2316,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=2472 /prefetch:8
2⤵
PID:1288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3172,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3192 /prefetch:1
2⤵
PID:1716

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3320,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=3372 /prefetch:1
2⤵
PID:4532

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4532,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4536 /prefetch:1
2⤵
PID:652

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4792,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4820 /prefetch:8
2⤵
PID:4896

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4812,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4820 /prefetch:8
2⤵
PID:2860

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4880,i,2610797615656782760,2646281609386505891,262144 --variations-seed-version=20240802-050153.822000 --mojo-platform-channel-handle=4840 /prefetch:1
2⤵
PID:5020

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1048

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:4208

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4956

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:4388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2028 -parentBuildID 20240401114208 -prefsHandle 1944 -prefMapHandle 1936 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {a565c630-3fab-486e-9974-b55ff2e59015} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" gpu
3⤵
PID:1716

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2444 -parentBuildID 20240401114208 -prefsHandle 2436 -prefMapHandle 2432 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f02e30a1-b9f8-410e-abd8-fa17a465f996} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" socket
3⤵
PID:1144

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3068 -childID 1 -isForBrowser -prefsHandle 3036 -prefMapHandle 3008 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b4303002-1e49-42f3-95fb-ca183259f354} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
3⤵
PID:5004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3812 -childID 2 -isForBrowser -prefsHandle 3800 -prefMapHandle 3796 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef8e406f-c51b-47e3-9215-da297fd8544b} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
3⤵
PID:1684

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4672 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {56c0f7a5-902e-4101-915f-64dbaab7bf8e} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" utility
3⤵
- Checks processor information in registry
PID:2864

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5380 -childID 3 -isForBrowser -prefsHandle 5356 -prefMapHandle 5352 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d480d42f-08ac-4f15-a57c-c1e86fbad45a} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
3⤵
PID:2768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5512 -childID 4 -isForBrowser -prefsHandle 5520 -prefMapHandle 5296 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6bda60fb-febd-40b0-854a-bbf14446ea38} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
3⤵
PID:1072

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5776 -childID 5 -isForBrowser -prefsHandle 5696 -prefMapHandle 5700 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1db68ea0-216d-470f-a653-f1853cf1482c} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
3⤵
PID:1032

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6032 -childID 6 -isForBrowser -prefsHandle 2796 -prefMapHandle 6036 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 1268 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {69f74f06-8f97-4cf7-9579-088804889963} 4388 "\\.\pipe\gecko-crash-server-pipe.4388" tab
3⤵
PID:1436

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000001

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
c4be2574765acd1420ac2c13facacfac

SHA1
34b738f7d88a19740a47dd9bd2b902d7d81f4cf6

SHA256
f14364982870e7414f12b0f0d1945808f7850fdb80729afa99b42c22d39c3a0d

SHA512
d1521911395f550e4eee3f587bef494531dd7ec859c2840706def73d4493e7bdac6c16616b8d45a16b981cec809cce06857c39a457bb5746cf4f13cb06096bab

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
2KB

MD5
cd008f5a33c1c59701804255ada2a1b2

SHA1
423eacb2ffbbd3331b5e3e00bc8778096bee0d82

SHA256
a73217118a102e32b80f78c74a7fa260b581d2936090a150170ddffe03f11e48

SHA512
979b84d4fdcc275813228f8ac57a079a445f1518e3c71641fe912501414b3dd13ab6ccb18da193082017744bba91f2177d1a3f31ac5367fca9b72c220752ba88

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
426ce0293e1cffc9fa494b69b00c9a7b

SHA1
86bdd90222e69409dd98345c1f582167ce1e3d5f

SHA256
44a8a18508a2db5ef92bc5d4dbad1e68f148b209c9c684c20792d35674e589cc

SHA512
10af2bf6e0a01b5f1039df6073fb64ffda5e82652fb9481c27da2676bb4bc18e998820f9ef56703a98a1bf0c835b76ba22f3c55deb56778dceab2de3966cd365

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
352B

MD5
f57a254af2ff8db3f59f3cf9a7c8a0b3

SHA1
ced8d2615a06d5b9e3cc3736569bb44fc3d93bae

SHA256
950563cf680176d97899bde75d3c6ff77246f7d7b832422eb08814f6dbc6a43a

SHA512
cc3e4ea330271df66b2aac0adbb4e8493500279e332151e1b1f5976115f849ceab7c7b28cb6a2319eef86bbad4ccc42bf746857d442fe2839243d2b7fc1d1934

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
412923175b763f248249687ac5d2f026

SHA1
37ac16960c14356f2a9974346f3f23d10218c6a8

SHA256
69d363b052933266d374a81488fd32da43ba73aa1d2f3e2d9ee1842696559cf9

SHA512
5c6bd7445993c0e7fb84880f8e2aac829dd30837d18d8c83dbefd315dd8277080430d4674aa2941f7d8be3625754bdb4892ad2644967bef5de427eb932a1a1fa

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
9b5261f5ee0014d20ed6e8705c122e90

SHA1
82def8d1efdd5e39ed1f333b14fa75ff4f2d6b5f

SHA256
0e84dbcb2c5cbdb1093ad79f836fcb7349e6e0cead80e56cfe06072f969f2a7e

SHA512
a81e0ea865a85030243ed1706215cebaeccb3e6c9e3262f314e481c72f86c62ffefcb5d811378a50adac939d39911005727a9e78708d1d0a2ca9eab53760ec2c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
8KB

MD5
ff1871db3a0a68b7088980260f22d77a

SHA1
5a89e252fbc2ec400f8df17a73ed33c75f8d26f9

SHA256
73d9cf448a094c48a0ce21e708d05f63087d5f3f1f43747070c28f9efa1f27e9

SHA512
c50c331467df3b7eb419c5562c20fe356e996d46d3a71a8f02cad5aa2f941160cf27c48a7a1f8c198b9cf94e2bc10225ed925f1e66dc447f7732b1540cfd1c68

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
a050e445036c2cc756e8373631f393bf

SHA1
07c28ef92bd755949d89f207f051a416183caee4

SHA256
d5a2023848163734134d3e98e4bce2a2bb99e6c9b838b8ca8d589c2211cd51c1

SHA512
0f4f84b0e1beb811d3b7921cd9ac8c40b8e6cef7ba39d8c24a03336144796ae692e99e6b05a0416c8d944b4cc82156be0ed1786dd17cd1ef746ed0f3165ef7c1

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

Filesize
15KB

MD5
a5c8feb9b50685d4647aaa142ed0f105

SHA1
6ff1024820aa2a3f9b54afc879c10ef16bd32ed5

SHA256
c4900d93ffd29ec78d57d21369e1514f6d8222c03ed319ad44393f03b8435b9c

SHA512
377243caf783226279cd6bf60274a478995dc4330f0fdfbd80a3d2a36c2c3356235803184fcd7456e8b6270b701d7349c95d8790172d54537f822b8bd9881fde

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
b67e41cfd69aaade603b4e6ee8aabdbd

SHA1
66404b10399908598d9f13133f0b0e5f8b43dd0f

SHA256
328a9c39cf6fca08d5a12569d12d7e06f6f916363c9fe84637000cfeb9c0a38c

SHA512
f75c204897b274494b729f5444f9e007fd4b0b5c918e26836d73f5913325e0c95ee818c30e2bf44f7c37e2059db5f2f48716eab99d7eecf7a734cfda3c186d07

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
519830c36ce650940f9bfd27575d00a2

SHA1
7d74d2903a550947b9d153aa4ede5d4dd63fb0b4

SHA256
c12db1b355339eb370aab2d62d98850638cbc4a57d879f3f47e83ba07a266e71

SHA512
32c1ece69d5ff55f1d81e26e00c2ed46e578faf08889b39fda035222759fb518b2e2f661ddd16fcd316195b99947254f488727c7a79724f57ff1974c7975b608

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
195KB

MD5
02ab93476bbbc343efc4acc8c4dbb6a2

SHA1
0bf54354eaa3b0a59f48311a70471cf19dd17dec

SHA256
459e2c60718e64395bbda1fce5f8515ac366d7f5bf687fe3e4941d7d9480c3d4

SHA512
662b71f7a79ce08cf05d96ce23f8f0193d059e2203e1360a97d89df504cf6b16013fd3c595143cacb721d959d3a3b474e4a1360b745e690974d66afb88821a8f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_1

Filesize
264KB

MD5
c48bf2d62af6e07d96725a7675fad17f

SHA1
8f48d3460008620d0b764b49af1a7dbacddb3ad8

SHA256
622209fa2b029d08ce4f89d47d98a35cbd66b43ec00b36766a5f1a4e1b098cdb

SHA512
ca1f4cf4663a05b0ffcf6704359b6bd94dfe272aee9fecd72d0ed63b449de03f84261fa507b7220fc961085ecdae5310c4c2706d11d1956ecc67f06877cdd09e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\activity-stream.discovery_stream.json

Filesize
24KB

MD5
37311fb738b75a857ef3d53e7db02524

SHA1
8583662676d355c3f4e1413a3eae397c303ea4c6

SHA256
b156e1f4a3ca0394e642bd2f89bbd129b42dfea5672f60f7ba2dea31a9822c01

SHA512
9e600db8b757dcbe56cf28f2748edfc0b76e66093fe590897697531619094e13b456c346df8611c7472cbbd44c733653549d5d558d0f3ae28101e526241094da

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
db3270d8a92105a7b1dc7c1d21a01b9e

SHA1
46b8ce12e969e1c2187013cee20a1b2bd4b5fe1f

SHA256
93c1e5dbad385a8059292879e5d9a01a87a4beb8443939ff59047527083c474d

SHA512
53bcfda29c40086941ade47c1a902aeb00bbb03cd516da6cc3f8876ac091bc109ea68511ef03b61ee58b70029d3308f6379e4c7d5f0b75b1711b4468c0cd2d84

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\5utpapi8.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
729a5e4efc2f6ea575279c26e404d8e5

SHA1
cd8ab397ff633767cbb672e4657b554ac9f7e857

SHA256
47742da99ba269f59f2158ca8414febad806ee7efc8f847c78919ff1ef27dd70

SHA512
3da98de8967d7e49d299f0e87a72e2b07fd02476667b1bde823e3f0e33639f7d3a2645f58b1ee3f169aaac1860ca46b706aee3dacc6e0cfdd9535ef53035b8bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
8KB

MD5
aadebcce04aa087168ca73ec7f55a8e9

SHA1
e2ec47995b0c062f50ea331cdd54de10f8d4f120

SHA256
1926fb290d35870f44802f8cfe30dcfa763e5f2bf05fbe859134931323cf7bef

SHA512
3f52c27fa1aa5a0b58747e8a8245c05e4a4797d98d31a595ceb6b2eba648a986e92a1455ea669b7413b80da33195745286121713fcae1454324d00fad1910a6b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\AlternateServices.bin

Filesize
12KB

MD5
1e2a0ae8fe3be6da9503f571c897ed12

SHA1
260373bf9be65c204cb83708d06c8779601bf669

SHA256
33ebb70da8eea08aebf31b168a5d99f135b9d06dfacda4750db4919259573c4d

SHA512
ec153d5e259552457cfa8417ef4f773648e6a32d9719cd93d8ff985c87117020709536405415af38abb51dc57cce74ce633007787b631d743aa9e6c37f367bac

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
9abaf5356a595d319785a41eb2021869

SHA1
ca3078550a13357f1559f9ae167d2a08f7b7bb17

SHA256
cdd3957a8fa37ce140b0fbb0829f8edab638366f45e04b0fc6d88f9a14098992

SHA512
4cde6941fe654d8a2e19c7b088eae8cef937fc24c780db259d2ebba255651ea4d73ab2fb28c2927ff54ea7d200ec2e229c3e9361397bd76978c34bcb13957411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
16b437277efd49361e0503f3a3849eac

SHA1
d1637d2b7678133f644e29d7cc849bcc5473d4ad

SHA256
62e6531cbc63227e80b8d8fd393fd9a5cac1c02538f5e8552fc6fbf5305481b6

SHA512
9cdaf82c96211434f7dca35831a7e28b7996336f58575b4b494ddc4f60b71ea2880f04069cbf5e17162028cee980a2aa81903f37b6665e631b3bc5096ee3e22b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
16b190eced8ed8220a5cc61ef66896c5

SHA1
5c3fdb4a8223a1e3d77bcfdc723a933bebea5a4f

SHA256
acd3602d504f32ddb72e71388db1b5a9bdfc982e371353c34fcea85d6de173c2

SHA512
2be84381d9e4271a54ccca8208046c5c13e291c24414b19c35f4e6a504242550bd27fc49fec0ea23bdbcb2aaa32c7352b2d012f8c9b914cb52f94c36ea68667a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\451378c3-87db-4994-bd38-d72e62382f17

Filesize
671B

MD5
e84d93941c36a64c3519dc4549ddbb40

SHA1
751ac5aa412192f4d5116610ab2571231a14487c

SHA256
d102cb9a17877cef907a08e18e02e1428459f3aa8d362a69b9c9c747efc000cc

SHA512
fa12eccd4d6448980f66e713c7c9565c3b444be1d086e7515bad6fbadcdcf51176098415a5427aee0583b49c53901944a76187a508003fea2ba2b1322e703a76

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\663e31ff-dc47-477a-9dd1-2bbf79019c76

Filesize
982B

MD5
b4787875598c28a6626cf14135b8a241

SHA1
7cc2761ce2a9f556903bb4a9d52855853e667cef

SHA256
0cbb974dcf09a99d5f9d14ac4842fa7c05181d2cce93fa950207c2e550879475

SHA512
cffb390a50c9c9e8ee727820321343ba7038dce1cef08c8e88706d6c0a7fa0ea50294392ff116be122711329637ddd793393afe36eaee85b12f6d994152e58c8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\datareporting\glean\pending_pings\dac85122-e2f0-4f21-9586-639ed6c84627

Filesize
26KB

MD5
f18c4eeffe53b2209a1ea6504f32f577

SHA1
83d31f44256d1408b2e0bc3ec41c5a8ed5d59c71

SHA256
c0243c586c28fa6831a7e24839737edf837dbfb2c2fdcb913a51d34f24ef4284

SHA512
e3b555d3bf59ee0776f632d400d2b524ca2fc2fa6359da97dfa8d6f549096d53269d2005a545ae5b12a8fb048c880f524f1b7964f2e4fc0fd5a1bd94a5bbc226

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
bcc9b20f427d2fa277cd674bf6c9d09b

SHA1
0ed65076f8e1ddf8f8ba33ebb8144ec3bd859d0f

SHA256
4dbbf226bd1eb89cb5ad2e0324b524234b71259c93c4a52428e0d73b394e7836

SHA512
9954c446c593402557f60b20a348092a275759ee7934faab69625eddcbb49788ca3bc470b54e8a0762ceabb58d8fc387c8beb02117dfc3bf015d839bb984193f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs-1.js

Filesize
11KB

MD5
c84e753bfcaaf515abf79240a588a2f8

SHA1
fbe0f73a1fa060a4c9650703dceb22df530a197f

SHA256
69bc3002df7b78a2dbb33921585d066bb5e4522692a4dbf4345c2cbc58b25bd8

SHA512
102987461162eb9477bb03aa8eb501a250489fbad1b5daae9be66b5f36d6dbceaa32c021674f8fd2c100fda5394d00d532701704e5a88969cb0c7f5a62ed3cfa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\prefs.js

Filesize
11KB

MD5
e22cbc4c3df06b6095f9780cf9490892

SHA1
7495ad8c14b30ec0038e57bf018693aaf85891b0

SHA256
bfa5dafb29a3d70633070235a435e19ff109be80930baf9a988894b3d0fb585f

SHA512
dafe094df7439d284e86094ed4bb79c790c3d90db81ec8b2d0112fb3702943e7551658bef7c4545695e4daefef69bb6af677a46a4ab4613130db9a52d65423b2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
3e826e791d221e20ab0d05ee701dd55a

SHA1
bcb72ab1723f1eccc44fcc6f48f7e3a523da0669

SHA256
1de7f58197f059b0861f7f1b210c0e6f199e55ccb3ac55cf2b6fe5c325382c1e

SHA512
1ba79e966eb2e370c9c229ec7a3d31fbef783dd6b41b8b6a8178ba1d677d9f72ea42bcf66ac7e992ddeccf57145febcd7fa8cc52ef36cf52224cd96e14a14c98

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\5utpapi8.default-release\sessionstore-backups\recovery.baklz4

Filesize
4KB

MD5
bffe962c00cb70f133978ccfb5c04788

SHA1
6907077fe851ba6583bed460a1f92d63fac6a4cd

SHA256
db56bf1a8849cb964614042f329bf73a1a81aff0ac47e3a546db69b123922568

SHA512
f4883fb363f8c5e9ddb4cbe5192639a0e7442513092b601979f3663c19da1d05288b8438fc652811356523b611ef2c0b6231b2f8ab8595868168fe0444f001c5

Download Submit
\??\pipe\crashpad_4856_RPUFTJSGWJMNEWDR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit