Analysis
- max time kernel: 150s
- max time network: 153s
- platform: windows10-2004_x64
- resource: win10v2004-20240802-en
- resource tags: arch:x64, arch:x86, image:win10v2004-20240802-en, locale:en-us, os:windows10-2004-x64, system
- submitted: 12/09/2024, 14:46

Static task: static1
URLScan task: urlscan1
Behavioral task: behavioral1

Sample: https://discord.gg/es7
Resource: win10v2004-20240802-en

General
- Target: https://discord.gg/es7

Malware Config

Signatures
Legitimate hosting services abused for malware hosting/C2 (1 TTPs, 2 IoCs)
- flow 13: discord.com
- flow 16: discord.com

Checks processor information in registry (2 TTPs, 12 IoCs)
Processor information is often read in order to detect sandboxing environments.
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (firefox.exe)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString (firefox.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz (firefox.exe)

Enumerates system info in registry (2 TTPs, 3 IoCs)
- Key opened: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer (msedge.exe)
- Key value queried: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName (msedge.exe)

Modifies registry class (2 IoCs)
- Key created: \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-2392887640-1187051047-2909758433-1000\{A0031B91-C26F-49E7-BA06-E3F8120B2BA4} (msedge.exe)
- Key created: \REGISTRY\USER\S-1-5-21-2392887640-1187051047-2909758433-1000_Classes\Local Settings (firefox.exe)

Suspicious behavior: EnumeratesProcesses (12 IoCs)
- PID 484: msedge.exe
- PID 1660: msedge.exe
- PID 1776: msedge.exe
- PID 3960: identity_helper.exe
- PID 5224: msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary (20 IoCs)
- PID 1660: msedge.exe

Suspicious use of AdjustPrivilegeToken (4 IoCs)
- Token: 33 (PID 3216, AUDIODG.EXE)
- Token: SeIncBasePriorityPrivilege (PID 3216, AUDIODG.EXE)
- Token: SeDebugPrivilege (PID 3008, firefox.exe)

Suspicious use of FindShellTrayWindow (46 IoCs)
- PID 1660: msedge.exe
- PID 3008: firefox.exe

Suspicious use of SendNotifyMessage (44 IoCs)
- PID 1660: msedge.exe
- PID 3008: firefox.exe

Suspicious use of SetWindowsHookEx (1 IoCs)
- PID 3008: firefox.exe

Suspicious use of WriteProcessMemory (64 IoCs)
- PID 1660 (msedge.exe) wrote to memory of 732 (procid_target 83)
- PID 1660 (msedge.exe) wrote to memory of 4652 (procid_target 84)
- PID 1660 (msedge.exe) wrote to memory of 484 (procid_target 85)
- PID 1660 (msedge.exe) wrote to memory of 4924 (procid_target 86)

Uses Task Scheduler COM API (1 TTPs)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.

Processes
PID:1660 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://discord.gg/es7
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
  PID:732 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffd2db746f8,0x7ffd2db74708,0x7ffd2db74718
  PID:4652 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
  PID:484 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2136 /prefetch:3
  - Suspicious behavior: EnumeratesProcesses
  PID:4924 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2828 /prefetch:8
  PID:3896 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3320 /prefetch:1
  PID:2332 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3340 /prefetch:1
  PID:2336 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5056 /prefetch:1
  PID:1852 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=4136 /prefetch:8
  PID:1776 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=4160 /prefetch:8
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:3556 "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  PID:3960 "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  - Suspicious behavior: EnumeratesProcesses
  PID:4584 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
  PID:4712 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5188 /prefetch:1
  PID:1040 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1784 /prefetch:1
  PID:4516 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5172 /prefetch:1
  PID:3608 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  PID:5212 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  PID:5228 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2720 /prefetch:1
  PID:6172 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6188 /prefetch:1
  PID:6388 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6604 /prefetch:1
  PID:6848 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6572 /prefetch:1
  PID:6300 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
  PID:6540 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2128 /prefetch:1
  PID:6724 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5180 /prefetch:1
  PID:5976 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5720 /prefetch:1
  PID:5992 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5272 /prefetch:1
  PID:4680 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5088 /prefetch:1
  PID:5224 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2340 /prefetch:2
  - Suspicious behavior: EnumeratesProcesses
  PID:6564 "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2052,439994221481554869,1736882838147950943,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:1
PID:5028 C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3968 C:\Windows\System32\CompPkgSrv.exe -Embedding
PID:3216 C:\Windows\system32\AUDIODG.EXE 0x498 0x50c
- Suspicious use of AdjustPrivilegeToken
PID:2308 "C:\Program Files\Mozilla Firefox\firefox.exe"
  PID:3008 "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
    PID:4460 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1912 -prefMapHandle 1904 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {948ea8da-cded-4032-ba73-60d584f08aae} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" gpu
    PID:4680 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2396 -parentBuildID 20240401114208 -prefsHandle 2392 -prefMapHandle 2388 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf9626b4-95bc-4825-8982-59c2e48b7f58} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" socket
    - Checks processor information in registry
    PID:5376 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2684 -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2820 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4a9d9e35-79d5-4587-8d27-9f79aa859d1f} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    PID:5568 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3092 -childID 2 -isForBrowser -prefsHandle 3184 -prefMapHandle 2932 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ffe9d5e-a40f-4c84-8efe-e0eccc3e6b04} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    PID:5640 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4820 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4884 -prefMapHandle 4880 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c90cec48-592a-476e-ba43-235a1b900010} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" utility
    - Checks processor information in registry
    PID:6516 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 3 -isForBrowser -prefsHandle 5260 -prefMapHandle 3636 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f62daabe-2a45-4dae-98e4-da13fed49833} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    PID:6536 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5448 -childID 4 -isForBrowser -prefsHandle 5524 -prefMapHandle 5520 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8914ff2c-a856-459f-865e-046e082ac28a} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab
    PID:6552 "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5656 -childID 5 -isForBrowser -prefsHandle 5668 -prefMapHandle 5612 -prefsLen 26944 -prefMapSize 244658 -jsInitHandle 1224 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0702a7be-6516-45d2-840f-2646ca64cad5} 3008 "\\.\pipe\gecko-crash-server-pipe.3008" tab

Network
MITRE ATT&CK Enterprise v15
Downloads
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8e1c3013-a580-41f6-b1d9-11710c86545e.tmp
Filesize: 2KB
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize: 2KB
-
Filesize
1KB
MD5a6d4a04699454c4e540513308665955f
SHA1ce5227b6c47e24d2a4ea1eebc1b8da59f17f7572
SHA25659c79b6d909d6c8bee2c175cbb679bdd06fb99ba127448dde7a95022306340a0
SHA512ef1002e4410beb33a40877b712741446a8e33a93199e6e978022e2ae951397ba7d698e030f281343762da8fb2f04e2bd541d4e09113e9bab7a4b97330b49b34f
-
Filesize
2KB
MD5432fd8628463124241aba80bf330d047
SHA1c8c3b5fcbce746d1de0e1d5f0bd3447dc9a8432b
SHA256747d897cb791bed75151bb2d4b4b3a7274382d06faec7ad3bc82433c533360c0
SHA512ae7f3b769a3494158096492b79e4d3a830bf28de35028e541e125530ec93783c188243478f17935044c54bbc6ae06709fca41f99cf802319472ec8ccffdc3cdf
-
Filesize
1KB
MD58bc30b8c52c2b77032732289338f5cf5
SHA109af10dde28acf3c8a62490365e29276c08e10d8
SHA2563bc498e1c0aef9e07c947b5a3faac026d14a4f0b9dfda564250e8906fb600ae7
SHA512c73521f04325ccd63290ba9fc068be61d07f2a62b01a64709faa4f3608ffd7e3f070c868b59bc2800a1ebdadbb0622857bed9035f6a07a7a94fd8937c77f4b2a
-
Filesize
370B
MD549acd0cea68026cf1299254c6f555f4c
SHA199f34b98c682bdcff6682fafc38ef2158f014523
SHA25691fa32babe4f23ab2c92083193a03c8e91f59a4de80e5f82867dcb6b2b31ad0e
SHA5126cd290bd2d5a1d79198dfbd573233b7c538a1176525b5eceec71c7fa60cf985e9c2b4dc29ad8923fef0efba1ebe1777f0d06d339b133ef66db986bcfd67d6f05
-
Filesize
16B
MD56752a1d65b201c13b62ea44016eb221f
SHA158ecf154d01a62233ed7fb494ace3c3d4ffce08b
SHA2560861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd
SHA5129cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389
-
Filesize
10KB
MD59f64ded2ea49e14436d8709f6c9a4ed1
SHA12323afc382af0f3235c7c83a12a5b09f9104cced
SHA2569d7baa1ef6d5939cc8ecba5d756709083a3c48f4390eb66dd2f175a509a4d5fc
SHA5129bae46708265412f5d7051d3f25af398edb4f7f9dcc1d7bc39c47e6728cc3086862dd83db226367f67ae7b98f0b0ba9d4379a93190853bfea0981d19fb02297e
-
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\illkw0pr.default-release\activity-stream.discovery_stream.json
Filesize: 28KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 6KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\db\data.safe.tmp
Filesize: 5KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\117cd82f-6a71-4f59-af91-e89b8055df4e
Filesize: 982B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\364fdf1b-7d5b-4558-970a-37ed178084e2
Filesize: 26KB
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\datareporting\glean\pending_pings\94e2c758-488d-4b45-ad92-2a71ebfe24a0
Filesize: 671B
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\illkw0pr.default-release\sessionCheckpoints.json
Filesize: 288B