hxxp://bing[.]com

max time kernel
244s
max time network
246s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
15-08-2024 16:35

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://bing.com

Score

5^/10

discovery

Malware Config

Signatures

Drops file in System32 directory 2 IoCs

description	ioc	Process
File created	C:\Windows\System32\DriverStore\FileRepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe
File created	\??\c:\windows\system32\driverstore\filerepository\display.inf_amd64_71aa85b0e2292a7a\display.PNF	chrome.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133682133347728027"	chrome.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2170637797-568393320-3232933035-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2170637797-568393320-3232933035-1000\{7643E81F-2675-4234-875B-906F9FE12BB6}	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
6464	chrome.exe
6464	chrome.exe
6464	chrome.exe
6464	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe
Token: SeShutdownPrivilege	3064	chrome.exe
Token: SeCreatePagefilePrivilege	3064	chrome.exe

Suspicious use of FindShellTrayWindow 47 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3064	chrome.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe
3748	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3748	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3064 wrote to memory of 2400	3064	chrome.exe	94
PID 3064 wrote to memory of 2400	3064	chrome.exe	94
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 1340	3064	chrome.exe	95
PID 3064 wrote to memory of 2444	3064	chrome.exe	96
PID 3064 wrote to memory of 2444	3064	chrome.exe	96
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97
PID 3064 wrote to memory of 4448	3064	chrome.exe	97

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument http://bing.com
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3064
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffa3e61cc40,0x7ffa3e61cc4c,0x7ffa3e61cc58
  2⤵
  PID:2400
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1932,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=1920 /prefetch:2
  2⤵
  PID:1340
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2144,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  PID:2444
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2384 /prefetch:8
  2⤵
  PID:4448
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3028,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3056 /prefetch:1
  2⤵
  PID:380
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3032,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3180 /prefetch:1
  2⤵
  PID:60
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4480,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3872 /prefetch:1
  2⤵
  PID:3736
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --field-trial-handle=3300,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4676 /prefetch:1
  2⤵
  PID:1956
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --field-trial-handle=4328,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:4572
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --field-trial-handle=4344,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4852 /prefetch:1
  2⤵
  PID:1824
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4384,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4748 /prefetch:8
  2⤵
  PID:972
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --field-trial-handle=3064,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4628 /prefetch:1
  2⤵
  PID:3588
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=728,i,14646927346393947070,3110579370785381216,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3156 /prefetch:8
  2⤵
  - Drops file in System32 directory
  - Suspicious behavior: EnumeratesProcesses
  PID:6464

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:1480

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4120,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4380 /prefetch:8
1⤵
PID:3648

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
1⤵
PID:944

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1800
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3748
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 23602 -prefMapSize 244628 -appDir "C:\Program Files\Mozilla Firefox\browser" - {09327bef-4366-4537-9031-993985b3ab38} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" gpu
    3⤵
    PID:5244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2388 -prefMapHandle 2376 -prefsLen 23638 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4f16db36-81ff-4162-acab-2110d017359e} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" socket
    3⤵
    PID:5304
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3040 -childID 1 -isForBrowser -prefsHandle 3068 -prefMapHandle 3104 -prefsLen 23779 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {83c6c6e4-c4a0-42fc-a81a-4d0ab7bf4888} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" tab
    3⤵
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4164 -childID 2 -isForBrowser -prefsHandle 4208 -prefMapHandle 4204 -prefsLen 29012 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1052743e-7c96-42e3-881d-b8c7744b18b3} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" tab
    3⤵
    PID:5820
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4840 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4832 -prefMapHandle 4828 -prefsLen 29012 -prefMapSize 244628 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {04ad8e4a-d24d-47f9-80b3-a2a62ce30ade} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" utility
    3⤵
    - Checks processor information in registry
    PID:6432
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5152 -childID 3 -isForBrowser -prefsHandle 4832 -prefMapHandle 5108 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {12fd30bc-0405-4ec1-b2e5-e0065d7d292a} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" tab
    3⤵
    PID:6660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5388 -childID 4 -isForBrowser -prefsHandle 5400 -prefMapHandle 5368 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a1dca60f-d810-4baa-980c-1c9bbe3d5bd5} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" tab
    3⤵
    PID:6696
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5616 -childID 5 -isForBrowser -prefsHandle 5608 -prefMapHandle 5604 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {50410903-f5b7-4d53-973e-00c8bb93e15a} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" tab
    3⤵
    PID:6716
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6088 -childID 6 -isForBrowser -prefsHandle 6072 -prefMapHandle 6080 -prefsLen 26989 -prefMapSize 244628 -jsInitHandle 1264 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c0e72c66-ad4b-4a8a-873b-52972ca43944} 3748 "\\.\pipe\gecko-crash-server-pipe.3748" tab
    3⤵
    PID:6248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"
1⤵
PID:3308

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=17 --field-trial-handle=4732,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4972 /prefetch:1
1⤵
PID:6572

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --field-trial-handle=4380,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=1060 /prefetch:1
1⤵
PID:6496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=5528,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5520 /prefetch:8
1⤵
PID:6560

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=entity_extraction_service.mojom.Extractor --lang=en-US --service-sandbox-type=entity_extraction --onnx-enabled-for-ee --field-trial-handle=5540,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5596 /prefetch:8
1⤵
PID:6592

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --field-trial-handle=6036,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6016 /prefetch:1
1⤵
PID:6044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --field-trial-handle=6068,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5980 /prefetch:1
1⤵
PID:5996

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=4660,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6152 /prefetch:8
1⤵
PID:1800

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --field-trial-handle=5000,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4936 /prefetch:1
1⤵
PID:5660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --field-trial-handle=6180,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6624 /prefetch:8
1⤵
PID:6344

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --field-trial-handle=6212,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6740 /prefetch:1
1⤵
PID:5720

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=26 --field-trial-handle=4428,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6716 /prefetch:1
1⤵
PID:6056

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=27 --field-trial-handle=6660,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:1
1⤵
PID:3444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=28 --field-trial-handle=4936,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6836 /prefetch:1
1⤵
PID:6924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --field-trial-handle=6724,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6684 /prefetch:8
1⤵
PID:1036

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --field-trial-handle=6236,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6460 /prefetch:8
1⤵
- Modifies registry class
PID:860

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=31 --field-trial-handle=7008,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7036 /prefetch:1
1⤵
PID:6832

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=32 --field-trial-handle=7176,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7148 /prefetch:1
1⤵
PID:4896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=33 --field-trial-handle=6600,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7220 /prefetch:1
1⤵
PID:3584

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=34 --field-trial-handle=7420,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7520 /prefetch:1
1⤵
PID:4048

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=35 --field-trial-handle=7552,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7652 /prefetch:1
1⤵
PID:4264

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=36 --field-trial-handle=7452,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7380 /prefetch:1
1⤵
PID:6920

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_search_indexer.mojom.SearchIndexerInterfaceBroker --lang=en-US --service-sandbox-type=search_indexer --message-loop-type-ui --field-trial-handle=7644,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7660 /prefetch:8
1⤵
PID:6836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=38 --field-trial-handle=7664,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7388 /prefetch:1
1⤵
PID:1324

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=39 --field-trial-handle=7328,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7852 /prefetch:1
1⤵
PID:3736

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=40 --field-trial-handle=7472,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8096 /prefetch:1
1⤵
PID:3044

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=41 --field-trial-handle=5516,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=4016 /prefetch:1
1⤵
PID:7596

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=42 --field-trial-handle=5696,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5796 /prefetch:1
1⤵
PID:7660

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --instant-process --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=43 --field-trial-handle=5776,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5772 /prefetch:1
1⤵
PID:7668

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=44 --field-trial-handle=5616,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5672 /prefetch:1
1⤵
PID:7836

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=45 --field-trial-handle=5840,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=5716 /prefetch:1
1⤵
PID:7968

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=46 --field-trial-handle=7024,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7216 /prefetch:1
1⤵
PID:8124

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=47 --field-trial-handle=7356,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8208 /prefetch:1
1⤵
PID:5956

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=48 --field-trial-handle=8376,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8336 /prefetch:1
1⤵
PID:5076

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=49 --field-trial-handle=8540,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8576 /prefetch:1
1⤵
PID:6812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=50 --field-trial-handle=8392,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7856 /prefetch:1
1⤵
PID:2376

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=51 --field-trial-handle=5700,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=7200 /prefetch:1
1⤵
PID:5680

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=52 --field-trial-handle=8688,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8564 /prefetch:1
1⤵
PID:3492

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=53 --field-trial-handle=8084,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=6172 /prefetch:1
1⤵
PID:7160

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --enable-dinosaur-easter-egg-alt-images --disable-gpu-compositing --video-capture-use-gpu-memory-buffer --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=54 --field-trial-handle=8608,i,1729213506309163284,12809566808978835441,262144 --variations-seed-version --mojo-platform-channel-handle=8916 /prefetch:1
1⤵
PID:1632

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\610a5afe-f320-4c79-9393-f60962c51812.tmp

Filesize
10KB

MD5
d3a280e8bff52cc673a11e6c65c7467e

SHA1
db3daf4b495437abeb90ef3ab6e26e8c79e8a4de

SHA256
520d09a4410354cc63126f562119adf7787377904703d48a594fa393c45dcf3b

SHA512
f4e8cae00cd45a93c41475b3a617317231d90f7353d32a1b3ce9745c7a1bc26c35d1ed120f9dcac56cedeb57a554240a9a77587365c8a0696df7b0054eb0a3e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\82a629e3-7357-4610-bdbf-c7d950db121b.tmp

Filesize
10KB

MD5
c0d3605ab7ba1779335372221c1366a4

SHA1
72583fc1f053fe355b8d05ec6b02992123f5c74d

SHA256
1752eb98480654f8c1d0acb96b1b74255b06bbf31395ba37b8fbb00afc59ed04

SHA512
7c54030f30b5c7309fcca18024c94823bc3b15908ebf59239ca74002e59ff908b224cc87cfdc3cc360e5df9f2fc680e26235b59362f84686d4e8b09df35ac1dd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState

Filesize
649B

MD5
03de699b4bff0108016cdb270509dd15

SHA1
8a06cf1dfcfd3156e1f280d2173ab9ea60fb4582

SHA256
b65a2c072506259676d8daa5c466806c6f17c3bc08586fc2a3e37be4fdaa472f

SHA512
31b7d070e6303a2d4a78b68bbc6831879c0c6f842ff737a841268bf8b824c422acffa8c28247ee6c5809bf5300ec509ef7e51b2c3bd89a1e1c1fa9795333c6c4

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000004

Filesize
137KB

MD5
648113202a4477aceda7fea95fe9173b

SHA1
9445f12452e425da3097f33fb1e553f4a2cb9d52

SHA256
49df74a708de69eafe689a8ef90fffc1e384fadb1a21f2451d4cae251680d23f

SHA512
49335009b5fa7fc4973583e2bd3d9ee8425e4a29c2eeae2229e9e53a1f0b9263a447ab519411e0a13b5dba555b0ba1e4e9f1c994f54cf9ebdfc32ee10118188d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

Filesize
88KB

MD5
77e89b1c954303a8aa65ae10e18c1b51

SHA1
e2b15a0d930dcc11f0b38c95b1e68d1ca8334d73

SHA256
069a7cc0309c5d6fc99259d5d5a8e41926996bbae11dc8631a7303a0c2d8c953

SHA512
5780d3532af970f3942eecf731a43f04b0d2bdb9c0f1a262dbd1c3980bcc82fe6d2126236ad33c48ea5434d376de2214d84a9a2ccec46a0671886fe0aa5e5597

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000006

Filesize
64KB

MD5
2923c306256864061a11e426841fc44a

SHA1
d9bb657845d502acd69a15a66f9e667ce9b68351

SHA256
5bc3f12e012e1a39ac69afba923768b758089461ccea0b8391f682d91c0ed2fa

SHA512
f2614f699ac296ee1f81e32955c97d2c13177714dbd424e7f5f7de0d8869dd799d13c64929386ac9c942325456d26c4876a09341d17d7c9af4f80695d259cfea

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_00000d

Filesize
209KB

MD5
3e552d017d45f8fd93b94cfc86f842f2

SHA1
dbeebe83854328e2575ff67259e3fb6704b17a47

SHA256
27d9c4613df7a3c04da0b79c13217aa69992b441acb7e44bf2a7578ca87d97d6

SHA512
e616436f2f15615429c7c5c37de3990c3e86c5e1da7d75a0f524fc458b75d44a5be1a3648a628d63e1cf8aa062e08b538f2f2bc9c6a0b42157beb24f82c571d9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
1KB

MD5
0c393cc736690d42ee2238a1346f7535

SHA1
c40c04a7b28b17dbdd02cc46a1222cf8b85131dd

SHA256
003a1d5e5f35a69da710153f556fcaa2994a417c5d768da6666646c9078f15df

SHA512
8f7c64f7cebe0f6b1ab3afbcecac3f716d32a23cf2709cfd87c28f3a80e6eb8b374cb5892c832f686a033e2a411f2f2fcb3a1382ff63aa3a2e684536913e1aba

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
47585ada801857bc15fa0b5e903763c9

SHA1
066664a823086fa500a6996a61b48ad55b7a1809

SHA256
3c190ddbf5e050de92f41a1f96e051b365a4cc7a5e0427246bfef7b50ba7d13c

SHA512
b65749aedd5a516a7ebb18ee3dd058c516f924a8c675577e18e92593ff8ce167d78bcfbf2d18519cca7be66dbe4859dbf92be8f3248255e324155ca7a21c2dc7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
3KB

MD5
8e54770a2d2004f6074b726fca456ced

SHA1
010bb4b856b170b4410697b7c5458ab9ae5b75bf

SHA256
9de0d64f227db5eb936c80a407bf8cab8a68395fb101f83a57291dd6775df0a1

SHA512
3be826be269b53288cca109d923e016a5a54a6cbe7a32bb8dd130407fccaf6ab45af091138eadf1b90518bc1ce819193f1026cffb8059a2e3311783a82734342

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
0f9d03590507634310ec19f237bac82c

SHA1
1fb0e8603004eec4cd036b2bc6fc6f2a6cd6f5c7

SHA256
9997035cd5020b55e039f7300ecbf31e33215224d863ba9482dad509b27a1b77

SHA512
8082c5338c333c61a50717419af88b271a9254c87bb42695b3e1aab19f0068bc20ea8ea88bb9823f87b0a31f5b69007251fd04e87f2cbaf18c472117d1216360

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
1KB

MD5
26b5f15e62e37f39f687f8110354cc5f

SHA1
b184c6f00a7c0bd8a3282a46903402d8bddf7d63

SHA256
632e3a847262157d7c5529291c996562c3192f9fb9edb0c5d97a6ac47731b4bf

SHA512
b58b1eecceb6fe51985698ce6d6c899c9e42cfd236e7725151347d4596581a4b2af8034bf16bb9c13c1bdd8a96f1ba6672c18a286b70be97ffcf0e704ae9975a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
92c4a9da864304a6fee46f56e88d556a

SHA1
036d840985b4f836efc4db5c5e824b6390b8fab1

SHA256
38e877a62b910b5d76595115df271f76e715471a6ffe871bb9fdb4a75a8dd2ee

SHA512
75fa92e1b909c0e18a3c59c143c511ba397dc714f8400b4b435f2fb6f23210f1b882eff7d6b461c438ab5c0bd84ecc5fa9e7fc6b2bb9bd477db85158c997b8bd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
2d79ce454c14b7bbf4b40815cdb6d375

SHA1
be0401d156e381512551182b1c468d47f7207d9f

SHA256
2a75d967002058f8554bc9c67c127f25df8c76cf2b852c65a3f6b9a504bd8baa

SHA512
bf53ea4eed39378265f8881eba99b2a664cc08ebf9efc1a8b5bca4c81d3794afe5f5d942c0fc97cbb70a757c35a732523c6bc5df47ef172e6666355bdf830e53

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
68271f999ea83ae4da7791c7006a9c59

SHA1
6a78a1cffebfe3dcc17ec8e17c9a88fd6362fd6a

SHA256
01f112fa0231d4245be1028313ad6aaf03ee7e2474a765c2aa0585d125d687c9

SHA512
0660c4eb0b0fbceed35754764d9c210ad0f45ce64233b37d939b5a730fe5c17394d5566a47571868aec5bde9b6972b80cb13c43e2d83f0f47c8221b751753dbb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
be29bdb119cedb77df77f474a9b98182

SHA1
35a310d9ede49019e0ac1cbe68b5686c2450f63f

SHA256
e3f5b9d09513de310a7f95d2ddbca7afca116918c8ad735456295b5e5009e12c

SHA512
a826ddd5b150ef9f5dd0734349164449aa529a5e93377b43de1969019b86bac4a44c12cca68c152fca81194d0283085ff8cd29afee0ee7037345c3b149eb5e5e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
a00cbfa1fa73ebf94a63cc2f23eb6d3f

SHA1
ceed16df243bf7d255f3fb5340d022d33ec73d74

SHA256
36e7c0522c031ac2f4597e7c916c91e26c0adf09f07bb68cca26f2c157ce2d88

SHA512
bbf1e195a09acc5e029d259707646f5c204d0e07466b8ba6c6c9b51aa2fa2dd90328ae7df26e4fa32d9a47d333024d559ebbf49e4cb20a645bf05d8b0b35550e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
b92ccb70eac6d349ffb44d98b752ddf7

SHA1
0a5b4974c2a4a6bfe045a60f5b3ac4be09426ee6

SHA256
c6122bfc0ebff663b0a0bcda95c94a6ef9fdfad5d437212961fc592e8e919193

SHA512
45f2533c2977ba71254341b6d257ad05d471927b3f20c524133498a65dc9e71fd45405ed27134cd78aabfc6c186b303fd59aabedb3ce9628682da6d9df5f5299

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
1ebf42fce1f09839fc86b1ef3561c3e5

SHA1
4a8b09ca30f4240f83654952ec9a215b1e7fba4d

SHA256
4caaef0c6954e814c253d779334f19d92a36fdd59b413f2a1c39318e2bc5b1fe

SHA512
4eda7bd66ead2def7f21145a6f75fe21245a76dd98603d2b94f5a85a7d0b9daf53e584dd34fa3b3aac2a02c7b538105dfda55f82e48d47cb2822e801a0e6f156

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
6d1663dda5d9844162cb129ddcc74ffa

SHA1
c681633f3f515631cf1501c6bd49b88941cf531b

SHA256
4f418f8eb95ae6c5cd4853f3e43c306333be95238ed3d1b0a79d016571869e9b

SHA512
04112bee0b542224deebee5480d9d7385e059d7009b1b991b93fc6d0b5f95011c1b958f90e973aaa498bba924f481f8854e1f091361455d3cecfbe47c95c7923

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
472329868c2de9d1f3bba66f2d348576

SHA1
19a5a5ea6e394f8db6a0fb522c5b8b16a76c4a3f

SHA256
f82e8ce8f6fc21cd1b5240a26c1cf889b5f57a6953c3d229077dccf679c933c8

SHA512
3a30f6451886c30fc551f68aada8b87cce3f3101e65785e4251505413b54ee5d48730d81ccef2b2a525ff1d7ed73f86924a11b26c0677215686868036f81ced6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
74a9cec1986a11337b8b5ab4be107332

SHA1
7d0410ee61ae27d417dc683696cde2b8cddb7ed6

SHA256
d827ef3df53dedd82640f4c9cb78c2998f030c79b61c9716bd7e7af8e55985e7

SHA512
c8ee77154777b024920826ae50f75b20277ed4bc64a545bc1d1567df7dd2966a0ca1a3a956c70971da70dea3dc8f02d7af86479b9e43734c7dafc846b90bb2e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
25a4860c3554c71395632a49750ca803

SHA1
d7c4b9ccd1bc7b2bbef35c1d89e06aae11a9306c

SHA256
a8dbe5e37ef09936399853f20e2ba157f63512b4a4e9fb21cce8ab7bc12b902e

SHA512
527e0b9d6938d6637a6d7b6fd4271ec1fe592c0d52e17b0c8e592c34a5bc9fa847f6da73a74815a7f8e1d77d433e76191f5c130a5a2edb7a5c8fb3153f25b013

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
01d28e91845db5f4334f0383ffdda437

SHA1
921fe65380fa9504d9820513df25c5f169215d10

SHA256
33938e41e8d51565c3a876f46760d11b290a08f4ac02aefb0b0deb2af7de1e77

SHA512
35f0da5dca6ee579f987e29fa8ad94a4ff52676d5d7ff9c51cafd2211dcb762e4f2caac5ab0499757958e23d3494042565d6343ae7b8acb118f8df0b3892c1e8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
7fecea459c73d00d5f24f381581f2600

SHA1
e42873da838512be66a5eb8a5f1d17c011dd2435

SHA256
bad71c1e3c6e26344b3b7e676d3ac7b07c343cd174f3d98734ca6fec1537bb85

SHA512
6b06270a3fb959ef639aa6d43f67aebe96daafa58b1886abb963d566199ab72594d9c39dbeb0b46fcf773924abd5c6fa32746f8994fdf45a21ae99c700909c23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
10KB

MD5
cb193dcecb7d7f24bf804ef2dd449c99

SHA1
c6d737c90999ed90c073bf7b7639093e33815e1c

SHA256
47e90be7193091331191ed9bb6d010a24d6555fad684efcb0ba238efd400438b

SHA512
306cc6eca71a22cf382aac11c9cc4c9407e7cdcc087c9a87faae3bb35c70e801d945377cd1be3c19d64dc94fedd9d312d380c13e374f2f95893cf06a21b929ca

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
7b8a73c1eb1a7ddb5a036d5c1064f97a

SHA1
bf57c9dbb11a0957d9088bb2bcde0b63301f2b61

SHA256
b64ce70d9ee34bbe728e0179bbfd9092036f050b2bcbe552db27ec26917ccddd

SHA512
69b5d615b25ae97881513959e6ef99e0d6e352f34da1251ffc6f9710a858ba7a632c3696fea06f66adeaa5672f1d7eaf91ec248a5821f39a22941ef8798d7ef5

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
4afb22a62bb80b9e72cd1a4ffa77e089

SHA1
ad85b830a144a06e9baac050c58320b116833351

SHA256
d5ff821c45488ebd8ff46b49fdcedcf1ba66233aaf1cbb7fd8e39c858b51929a

SHA512
9129b830f0e6f3af8478e6799bae247a29d89071dc2b290e6b32583d7d02c2934400ffcf67334a8a462f1453deb054b3a97178caa5c2fc5227ff01f7023102ef

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\cache2\entries\8709E8A0A3A140D3BA059C3A07420EF01DA5FB25

Filesize
32KB

MD5
05f0fc4a7f4a6efce7b431f518387580

SHA1
8ddfa34052fd29ba078ceafc22bf3710c7972160

SHA256
6af7ec956e64b42b9b226fb386bae6092d591f9c57bb1a885be218eb34754883

SHA512
dfd31287db52491c27ef2da9694a89624ac3ec2c63d0104f34b5f8d66ecd585d133f67d3fb6cbfe5671465a0329649d9d69f14b420775b5b0a1a5f0389efd2c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\xmd08l7e.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
7KB

MD5
c460716b62456449360b23cf5663f275

SHA1
06573a83d88286153066bae7062cc9300e567d92

SHA256
0ec0f16f92d876a9c1140d4c11e2b346a9292984d9a854360e54e99fdcd99cc0

SHA512
476bc3a333aace4c75d9a971ef202d5889561e10d237792ca89f8d379280262ce98cf3d4728460696f8d7ff429a508237764bf4a9ccb59fd615aee07bdcadf30

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
7KB

MD5
366628462c74e65a5c7f5dd698f17aa2

SHA1
c8b65841aef68369e7ffcf9b51584c76c0ab53ed

SHA256
d434a9efc3b75ce8fa8ccc56253d859ad9b44b5c714f97c44e52057c9b92d640

SHA512
2763672656663b3ce454362a19efd70a81451ef252001938eca1531bd918bada58435acb755664b1f5638ce7970f66bdd35fb8c84311586d729782e0b55f21cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\AlternateServices.bin

Filesize
12KB

MD5
05468260792fa1d67c87b63121e6013e

SHA1
b87113e20a0a8bfb66b11cdf07dbd1db1f141737

SHA256
3712c7e458fe745f664c133c65c6b463c469c609d382d76c0f2dc0d8709c0051

SHA512
3eb98fab21205fdfa8471ec4c301b0799cd26e2d86c66a8a70ef786bad243445e77137925864f9354fc3a25caae324bfa92d77f3d0d1c3a00f1cc6d6bcd1a262

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
8d929fbb7aa5e7c9f9fda8b9f5d2e8a4

SHA1
dea36e8eae8d01620ed22c2960f381aa58066322

SHA256
2f89ef2e0938363aca644087c68b751f5bf776f1ed216797a993579e8fb75709

SHA512
88424102ba0a05c4a28041da17c466314a82608463758f96e6dd283e861c9a77fa0f2aa0ec42317d22f47629f432ea2280b1659110c805d5f6ce4e47287f2454

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5ebc1fee7803ac38cd41eb00120969f7

SHA1
c071849ec34b36f53cd21fd85fb7f13e39b5b632

SHA256
6670a1dc1b47f40d54cb912ddcf131131ea86c362401710d4e96d57a537fcac1

SHA512
439d9ad7bfdf874290d41b568480e5b5b05ab6acc125f817c9e17ec620b0816991dac5e52102b0fb28059be74f5a2375190fd625f13a0c837fb2880e6bc7800f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\8decb89e-015e-49fd-bf59-faad40ab99d0

Filesize
28KB

MD5
18bb459536346503743e1ded024ed085

SHA1
25ee3371430f336e15cb242d1ebe7a7bffa19916

SHA256
dae0e4453456be0574facd45c4d423afabc9b34e99c7b9f2604621db3e4f7eda

SHA512
e71d6dde1633bdf3ccc40d0d0635a052b1e24c2ea4833e3a3bede99ba5d3c00e26293f5ef790fbf298633fd8e4b7ce52355dc93b2c9dc88dbf7e4939ce62ee57

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\9c8f0892-18af-4636-ade8-38655a8a38c3

Filesize
982B

MD5
07ff7d8ee059889e371437f3d7e2aaa0

SHA1
1eae286855c4312f2021c6ca82264403ea112d8c

SHA256
41b794ef456b81ad292195fd7654a2c2ee1cc1a09eb77734f9efeeb896aea47a

SHA512
82641c65ae6a19f4c1fadbad5f2a2218599da145906d9d2519738bc9b51ced9ccb64b2c6169c7822788c5feea0a9a1b26affd1a6278aa5757a16a649855fc5fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\datareporting\glean\pending_pings\d243e7dc-2d70-4517-a1b1-34024d8b948c

Filesize
671B

MD5
c27ebf63a49e0fd5f64d59c972038079

SHA1
2b6e97e7f568d7f20f0c50aa6b991fbfe50b56e4

SHA256
b485b97e01bc969686abad62419f2a0126839ba4d443ae167716e01e6a11e1fd

SHA512
bc6fbd51f01b3cfc116090219bd387d04c64427a0ae90cbfc893ed8186cb668c655c708376f87b77d44d45f1d113536d08203f6dfb779b57864441ba004133fd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
c95e89bd8ab1854bb7e64c9d8eac77c5

SHA1
f670c18a54ee0a64ab6b91d17c6b952ac41d7705

SHA256
f1e7c1322ffe3ef68a52d8bbc8f3e5e4d623db72845ab9fe3660f89c741424a3

SHA512
22b271d8b132c170235205f17ee990c6b134d4a1298a853363d049130507cbe510b6511ecaf36740b9cc0b791cdac18b43934b5fde282a2bd80cd1996ff896b9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs-1.js

Filesize
11KB

MD5
b1ab4f3ddf42fdaf319fcfb116d9ac98

SHA1
1b4949a55ec77426f41de2be57968bcf269447d7

SHA256
83931ceeee268392e7f9182aa99a2e385b88f8de9bc544dc0524720805506138

SHA512
bd78d20860dc5067b7cc0de26f71066727447186b94eb8c9298daee8f2f16859268f569f32b87b9c384e2d65c9a635166537ec736caed44acd6c8701d66d5209

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
e77953df347c4bd18b156d1be7642dc8

SHA1
f7c3ef74ccb3fefaedd9b0c4d4e17dce3cbae39b

SHA256
2a2e7ef24c0841c39712256a145fdac6e4685df01fde2bec38c0951679919cee

SHA512
e6a6ff5f131d8597f1ecf0a8ad17739cc00ccb27cede9c78b575dfb67d055d43fa0cc9de4530f2f5824d8bb4f5e638b9611e085392476790db64c41684a8c9c6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\prefs.js

Filesize
11KB

MD5
31dd3248fde63077463c7a239f19b86b

SHA1
53f40daf70905ff409a28afd4539e6a7209acd87

SHA256
a8fd59211b42dc52da0ec6f97d61a1caa824bbb59ad45c7606844009b7673f93

SHA512
59ec2615af0b34fa9092b2e174288d00e2e2c3f2c9f6008cdbc67ce0f0859abaada13a52989461bfc06235d7276d5bdfb277f33f20e6bd79df153dafa9c3d18b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\xmd08l7e.default-release\sessionstore-backups\recovery.baklz4

Filesize
3KB

MD5
cdf9623692470a2e870a0abe9aa4ab4b

SHA1
9887f4170be7bb7e60828305d047ad9621e9b279

SHA256
e2c5b96bd58c54fa2f7dd16bee2f3cf7a91053ab31934b206fe9dd6b7c767083

SHA512
757498ce279cecbf942ff0f1b43c62da73ae6ff663c5cb393c693fde6c1fde44bcfbe079ccb5f2042bdaf14afe32d7d53eb8fc7ae6cac94b7b9477c3b6ef7ed1

Download Submit