c1116053bbac19ab273dc120c2984c235d116cdcc9e3ac437951b55465fd7063

Analysis

max time kernel
149s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
28-09-2024 06:32

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

0x0007000000016d33-4.exe
Size

508KB
MD5

da9e9a98a7cf8da14f9e3c9973328fb7
SHA1

42e37cbfa37877d247ebd37d9553cb6224d6bee6
SHA256

c1116053bbac19ab273dc120c2984c235d116cdcc9e3ac437951b55465fd7063
SHA512

ce98f1984a3db301df7c1078dc6014fc1a03a1643c5635ef59775ee8019fbae4e07c16e99ec3d1998f45947d57493ada96e5116c359a590b14573833eec17343
SSDEEP

12288:EXQrSFtNwn1jAh0zOFJ2+l9AlstfWETRN:0wn1jAh0zQJ9TtDRN

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1302416131-1437503476-2806442725-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
536	chrome.exe
536	chrome.exe
5356	msedge.exe
5356	msedge.exe
4496	msedge.exe
4496	msedge.exe
6580	identity_helper.exe
6580	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
536	chrome.exe
536	chrome.exe
536	chrome.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	5020	0x0007000000016d33-4.exe
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeDebugPrivilege	4552	firefox.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe
Token: SeCreatePagefilePrivilege	536	chrome.exe
Token: SeShutdownPrivilege	536	chrome.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
4552	firefox.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
536	chrome.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe
4496	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
4552	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 2608 wrote to memory of 4552	2608	firefox.exe	94
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2244	4552	firefox.exe	95
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96
PID 4552 wrote to memory of 2892	4552	firefox.exe	96

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\0x0007000000016d33-4.exe
"C:\Users\Admin\AppData\Local\Temp\0x0007000000016d33-4.exe"
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:5020

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:2608
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4552
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1996 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3d702696-afcc-4ace-b1c2-00700f7961c1} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" gpu
    3⤵
    PID:2244
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d6b22a14-f1d0-41a6-a76c-dbdf3906111d} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" socket
    3⤵
    PID:2892
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2992 -childID 1 -isForBrowser -prefsHandle 3076 -prefMapHandle 2568 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {287aa93b-3d77-4d18-b6f5-5465d80d97e6} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab
    3⤵
    PID:4916
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3772 -childID 2 -isForBrowser -prefsHandle 3200 -prefMapHandle 3172 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {7684cb3f-3a00-4834-8ffe-db747a7c15e4} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab
    3⤵
    PID:2040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4980 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4732 -prefMapHandle 4720 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {72267ff6-ab83-498f-9ec2-402d194cecee} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" utility
    3⤵
    - Checks processor information in registry
    PID:320
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5132 -childID 3 -isForBrowser -prefsHandle 5168 -prefMapHandle 5164 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1ce7d2f7-5264-4fc7-8c6e-89c8d161cfae} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab
    3⤵
    PID:2192
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5356 -childID 4 -isForBrowser -prefsHandle 5196 -prefMapHandle 4304 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4908bd31-8fea-45f1-b2df-94d21e1ae3c6} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab
    3⤵
    PID:4176
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5532 -childID 5 -isForBrowser -prefsHandle 5540 -prefMapHandle 5544 -prefsLen 27051 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1996cc1-6f68-4e1b-a214-980bbda968e6} 4552 "\\.\pipe\gecko-crash-server-pipe.4552" tab
    3⤵
    PID:4020

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x118,0x11c,0x120,0xf4,0x124,0x7ff9f704cc40,0x7ff9f704cc4c,0x7ff9f704cc58
  2⤵
  PID:1528
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2044,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2040 /prefetch:2
  2⤵
  PID:4784
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1832,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2476 /prefetch:3
  2⤵
  PID:4864
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2228,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=2604 /prefetch:8
  2⤵
  PID:3372
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3136,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3176 /prefetch:1
  2⤵
  PID:368
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3152,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=3348 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4484,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4580 /prefetch:1
  2⤵
  PID:744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4688,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4716 /prefetch:8
  2⤵
  PID:5148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4720,i,3492988665519085629,6231981488072425334,262144 --variations-seed-version=20240801-180145.014000 --mojo-platform-channel-handle=4540 /prefetch:8
  2⤵
  PID:5156

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x104,0x134,0x7ff9f31146f8,0x7ff9f3114708,0x7ff9f3114718
  2⤵
  PID:2928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2008 /prefetch:2
  2⤵
  PID:5348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:5432
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3308 /prefetch:1
  2⤵
  PID:5608
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:1
  2⤵
  PID:5624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
  2⤵
  PID:4048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4932 /prefetch:1
  2⤵
  PID:4664
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  PID:6464
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3420 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3452 /prefetch:1
  2⤵
  PID:5752
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3668 /prefetch:1
  2⤵
  PID:5764
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1976,12630665503202197336,12031367139773376343,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
  2⤵
  PID:5320

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
PID:628

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5540

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5980

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:6432

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:7152

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
354B

MD5
805b6d96cf534a728732c6af276c75b2

SHA1
5c8d0add84ac9692dc18bc5966e7d513c220d9b5

SHA256
e2dfb9df974e08b10627f30917dfb0f041f1a48ab727b395068b735444545a81

SHA512
259ccbc9801f4115e5c826c36718bc7f1b09ad2ed97c3449940142c8000c80f3d167b55b9d82c3b23b3427e8cef79b923c9749dd3810b1fed974bd43944f333d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
09d40691cfac4eafb788adfb68a6bbc1

SHA1
9e5317eb59afec94b2bdf657540bc5e150e303b5

SHA256
5c5ed1ac10487f65558c48e0e89c6cdf260d672998e87b2c3ba7258051e52d9c

SHA512
198566fccbda6170f9dc62f23147969ae1dbe371309a74263e25f7c8ee611d2b314e6361e31f0e83f27e0324e5d6e6c8ba8058eeaf01c45f66412565b88d8a46

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9a1de3cad22601d881816c33a2e28683

SHA1
e16c05fe8243b73dd533d39d30d86ec9b68486d5

SHA256
c67e8a733fa3018a4f9dbab91ce479a206e4c23343b820f821ff16e36ab96e2e

SHA512
c0b1ba68dd7cdac88e5e49bee5874e4cad1c50ba4f8c82d3358eaad386f9a227c2f96fa5918b65f2332e9900afaea0327ce604079f24e101136b6c6ec0dfde8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
9KB

MD5
9022a72870df3beb816f30912176ce5e

SHA1
b455361c18fc82b261e48e2277fc88fdc80484e2

SHA256
9e212b862f114eec803fbe3b9cb7cd9027cb0800145b59ae12472b5fb310402d

SHA512
5ce9a00bbbf181bc96a7945bc9f3179b5609a829f5f64e2f5f9211245bdaf5cb8232abdd83b1842261a2549eb6b8c385eaa03cf99e27ddcaa61e7e322e06b1cd

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
684692545288fcba794bbca864b3a9cf

SHA1
402a2d4bc202a0b34cf5c66793549c50325e9959

SHA256
4319a43fdc5915bb535215934f75d070c7fa27a08ce8a3ec4d2d4c68b32d9a88

SHA512
129c57401780d07013258e74ac2dd51a09cd5f6a1d71f42f32c02443a4e3d80f1054007510022d26185813650d39a134a571b73fb4517e195d34e80a91cbe823

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
99KB

MD5
ad297afe116149e597e716f178e5a65d

SHA1
aad38567953dff1b1e60a1e4c221e7b79a028ad6

SHA256
fd7c019129d3557745ea03daee848cb41bcb90ad8340375d4a26da36db1a9819

SHA512
4f8c5ea30ade43801c3600da01e61012ffbc4b48be929628131de5181c376a4ec3a12c20e239285bed535399b980fc80d11626bea8b3c0dfd892b4777e45b6ea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
847d47008dbea51cb1732d54861ba9c9

SHA1
f2099242027dccb88d6f05760b57f7c89d926c0d

SHA256
10292fa05d896a2952c1d602a72d761d34bc776b44d6a7df87e49b5b613a8ac1

SHA512
bd1526aa1cc1c016d95dfcc53a78b45b09dde4ce67357fc275ab835dbe1bb5b053ca386239f50cde95ad243a9c1bbb12f7505818577589beecc6084f7b94e83f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f9664c896e19205022c094d725f820b6

SHA1
f8f1baf648df755ba64b412d512446baf88c0184

SHA256
7121d84202a850791c2320385eb59eda4d697310dc51b1fcd4d51264aba2434e

SHA512
3fa5d2c68a9e70e4a25eaac2095171d87c741eec2624c314c6a56f4fa390d6319633bf4c48b1a4af7e9a0451f346beced9693da88cfc7bcba8dfe209cbd1b3ae

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f269dd0ddfe3ae16782b68c6212ad78e

SHA1
beee6b65a52cf38c244ce3aa6820dd0d7acde354

SHA256
bda8bdec00aa2db47dbd7bd433477c90effc91de812414a3494a52df644923ea

SHA512
575afe9e08e69327db17327dbcc64b89b5f1345e12460eda9e98d8de91120cd91de932d0ade8a89e601c545ff9ee1d88a12b8609d7e5443712d1ef8314c0163f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2df0aa60f2480c11e762bcafe60ba5aa

SHA1
0c4ffb57625db6fee3662009844dc6c34e0da532

SHA256
dc9a8160c14c10a75ad2191ecbc699af150f21843055af1ec7a0c53e689563cc

SHA512
83ec8f3db994b401d7efb21dd636dbaea1f3828f29df76a2bb20b57383268046064ee2df99343e7b54336de690161b2f19f48714595ac509006d3696e521a297

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
4cdfd62fedfbe203567a7aac5502e16e

SHA1
198be5eae69c76c4381299f1cbac870255603617

SHA256
870396d54f2db34cc8f31b9e239c656df69abc9ee276ae003b6c2e8eb445b0d0

SHA512
527cf5b36545c3086f22829e0eb5e2d4d2b61b56765466c50f00341029e0753c6a1030de36ddc25e93e7d37caafedf8188da49a255a6548a92471c63b7f3861e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\activity-stream.discovery_stream.json

Filesize
30KB

MD5
deb84c8a427e940b7043069c5bbddd60

SHA1
bbc606d4ef6bd170d9c27d08c0e1d5a092c66158

SHA256
96f979ff73af89343b9a38dbe7f70dac7b7b11e0d911e7a672820977b73104f4

SHA512
acc999918829818f8aee8656ba85c24713375a5a82addc6598e94475e849cc0830e955abfc8764069c368bffbacf4cec494f2425bbdd84e8922a83910446daae

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
6KB

MD5
5cde77a517ed8078f0770edcfddf40f9

SHA1
74c02e07992c7867080cc6f8b49e503db0e6dadc

SHA256
6e30c476e2a153e6891af6cb26bbed03d4fd54a81e16550df9b53cf5d51b2d8a

SHA512
56a8d1e192a6335f8e38b2551af4cf79d00b2eb61d5d018b12aa9f68dfc7fac4c6d46e9b5c681fecc879f1d2502e53cbb3465c1782d6764731a10ef9729277ec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\AlternateServices.bin

Filesize
8KB

MD5
7feb59009758c5ac7288a86e34ec68b6

SHA1
cbd619ae849b5e3f2d8bbc342449c2f7a1ef575f

SHA256
5b5aa961f84ab4e6a1c5a5205391a09f312f48f4c8ed7efcd9509485e0ddb54d

SHA512
65c3fcf2cab595634fd9e8c0ee9973f710bc6930d47a8fac27e64f4d1b50aee6ce5e526eb1100e4858daca9b123d7dd3ff4314bdcde82a88c37ad10929b114e6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
51d3858a07dea73ccdc3c55b2468b90e

SHA1
6bb79efcb52ab631783fe9e6ce8870136c3b1334

SHA256
fb4898ec586c47c7b0a4f7d8e5fa362c6989dac8cff789574159809e50afb404

SHA512
9886ff7d14f3a0664eb68caefabc0b03479a06cb4a1c50830da143082b57ea2b11c23b42a5dda78169d832507845cfaf57ec3001b5c0bcf27a2820dd9c0973e9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\9f3be11f-1145-461f-ab75-b4d986c20615

Filesize
982B

MD5
e60f2131e45fff79d88af0e16c2e5a8a

SHA1
5384ea5f613453c58bfb2d718e6d6cb34b26cfcf

SHA256
24a5877b3eb4460dd5def467413f30bc79a0d09908049ce00cabeebcdb64c5fd

SHA512
9a2220fcd65002a03e2748637fbac78e1578181968fed44765ebbacd4d258145a94c00596c6adf3bc6348f6db57b1a4894d39edf99bc7ba6b8853f99e9c982d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\b8a9c819-e436-4157-bfaf-ca17edd4d8b1

Filesize
27KB

MD5
5dd2821df6d47d8337ff21173a4429f5

SHA1
964850f9de4eaf9a615461ef2749a634f66e305d

SHA256
79b16a0b04eddf2840443076a5222761205e4c3392a5aff5b00e87bd91cb2481

SHA512
41cc805bb00b597cff8eb14e6d28594818492584b1cbe13eb1c88bb829f952c2dc80892cf76ab2af2f863fb33ccc9d667ce2247ff981071000a47904b8ffa09a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\datareporting\glean\pending_pings\c42dc056-f954-437e-a6bb-64e84b54f8c9

Filesize
671B

MD5
a5094932bc84775c11b177fdae1252f2

SHA1
bfbf30bcf21c8b676c2b0922ca044d782fcaa625

SHA256
2ed91425e48de4474287256653103327c6148ced3598926e268e132373d24530

SHA512
1302f0c11207f520e07912e472aed92edceb3e5b99eeb45e9eb268a4bbec03b21e405a6145c40ccfd3b585b5a8024a3135cc5e1d9c2ebed7425c2146a94a4620

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs-1.js

Filesize
11KB

MD5
1af6bb19a3419e3e554cd1b8c14e0c57

SHA1
f791b5784dfdcb519abd9c53dc5786e904b11950

SHA256
5103e6a33fcd930377424d291f3045cb7615f4e2cc67da31feb456ac32d53a39

SHA512
bfae05ba9ff8ce302656c043d066bb17a435e76b8d87b2c6383520fd81e1dd1bad3d215d6534c017a251cd3711e81cf54800fd039f81c3e8273634090ea69868

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
f2d5157160aa5142c9d307aa59764f41

SHA1
272dd68017799bbf87d0fefd56b6c80dadc3be3a

SHA256
8eb7e843376cc51a5f9db69bd2f3f29c01246e6ca79f81eedb975e4ff0081b38

SHA512
a1b431ba95fc396cf12bf53b08d18b47668ad01872d1859d54638daf8fc671261a6618fbcdcf5c0afbc67c9f0e2dba0199120540e2c1c4f27e1db0fe8d82d818

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\fz3nlbuq.default-release\prefs.js

Filesize
11KB

MD5
1a3dcd0b717bab4d069043adc84aa1ab

SHA1
6a9ee74ce19d83b27f739d84dc3452adfc1cd093

SHA256
36b223f8d3bed2b6e3a3147a40f1a4470987c3b3580b4b37de0d3fd332737575

SHA512
f63c8994d36c4d20aba52b50e876d4ac760cb7aefa9c7504904e7476903ca763ba2c3243a0ce814f3fcad4c49b37cc28ddb0b8158f94e6199e06ef36d30a3308

Download Submit
memory/5020-1-0x0000000000AB0000-0x0000000000B34000-memory.dmp

Filesize
528KB

Download
memory/5020-0-0x00007FF9F8F63000-0x00007FF9F8F65000-memory.dmp

Filesize
8KB

Download
memory/5020-4-0x00007FF9F8F60000-0x00007FF9F9A21000-memory.dmp

Filesize
10.8MB

Download
memory/5020-2-0x00007FF9F8F60000-0x00007FF9F9A21000-memory.dmp

Filesize
10.8MB

Download