hxxps://greggman[.]com/downloads/examples/html5bytebeat/html5bytebeat[.]html#t=0&e=0&s=8000&bb=5d00000100d8000000000000000017e07c448a369a0fb84fd64c3680f0b757a25bd766d62696e767c8dd550588c4247b59701e0e8da7fac3eb2ef42618bcfee305a8794a84de090a58b4c2afae4dea361455b6e322a8c5ae9d4560337fcc00c84b7d301a79c3553e3be93807fbfd1e28d151964b29e2b16affe9b8ee12a6db921233daac18f14850deee365ac8ad2e5de190238336358a2653ceff4b62a8467a0c3aff7f3758cb11042da65e8941ffff4b429d00

Resubmissions

18-11-2024 16:29

241118-ty96csvqcp 10

18-11-2024 16:26

241118-txn7hazfre 4

18-11-2024 16:20

241118-ttg9sa1bnm 4

Analysis

max time kernel
127s
max time network
129s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
18-11-2024 16:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://greggman.com/downloads/examples/html5bytebeat/html5bytebeat.html#t=0&e=0&s=8000&bb=5d00000100d8000000000000000017e07c448a369a0fb84fd64c3680f0b757a25bd766d62696e767c8dd550588c4247b59701e0e8da7fac3eb2ef42618bcfee305a8794a84de090a58b4c2afae4dea361455b6e322a8c5ae9d4560337fcc00c84b7d301a79c3553e3be93807fbfd1e28d151964b29e2b16affe9b8ee12a6db921233daac18f14850deee365ac8ad2e5de190238336358a2653ceff4b62a8467a0c3aff7f3758cb11042da65e8941ffff4b429d00

Score

4^/10

discovery

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\5dc00c1e-c986-4913-bf42-b49e8091cd3f.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241118162702.pma	setup.exe

Drops file in Windows directory 4 IoCs

Processes:

UserOOBEBroker.exe

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

FileCoAuth.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	FileCoAuth.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exefirefox.exe

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exe

pid	Process
4216	msedge.exe
4216	msedge.exe
4848	msedge.exe
4848	msedge.exe
2508	identity_helper.exe
2508	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

Processes:

msedge.exe

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

Processes:

AUDIODG.EXEfirefox.exe

description	pid	Process
Token: 33	3500	AUDIODG.EXE
Token: SeIncBasePriorityPrivilege	3500	AUDIODG.EXE
Token: SeDebugPrivilege	3000	firefox.exe
Token: SeDebugPrivilege	3000	firefox.exe

Suspicious use of FindShellTrayWindow 48 IoCs

Processes:

msedge.exefirefox.exe

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

Processes:

msedge.exefirefox.exe

pid	Process
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
4848	msedge.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe
3000	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid	Process
3000	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	Process	procid_target
PID 4848 wrote to memory of 1096	4848	msedge.exe	82
PID 4848 wrote to memory of 1096	4848	msedge.exe	82
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 1908	4848	msedge.exe	83
PID 4848 wrote to memory of 4216	4848	msedge.exe	84
PID 4848 wrote to memory of 4216	4848	msedge.exe	84
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85
PID 4848 wrote to memory of 1296	4848	msedge.exe	85

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://greggman.com/downloads/examples/html5bytebeat/html5bytebeat.html#t=0&e=0&s=8000&bb=5d00000100d8000000000000000017e07c448a369a0fb84fd64c3680f0b757a25bd766d62696e767c8dd550588c4247b59701e0e8da7fac3eb2ef42618bcfee305a8794a84de090a58b4c2afae4dea361455b6e322a8c5ae9d4560337fcc00c84b7d301a79c3553e3be93807fbfd1e28d151964b29e2b16affe9b8ee12a6db921233daac18f14850deee365ac8ad2e5de190238336358a2653ceff4b62a8467a0c3aff7f3758cb11042da65e8941ffff4b429d00
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x124,0x128,0x12c,0x100,0x130,0x7ff8362746f8,0x7ff836274708,0x7ff836274718
  2⤵
  PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:1908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2272 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2832 /prefetch:8
  2⤵
  PID:1296
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3364 /prefetch:1
  2⤵
  PID:2132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3388
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff660135460,0x7ff660135470,0x7ff660135480
    3⤵
    PID:3980
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5672 /prefetch:8
  2⤵
  PID:4092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6128 /prefetch:1
  2⤵
  PID:4316
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6116 /prefetch:1
  2⤵
  PID:1808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3508 /prefetch:1
  2⤵
  PID:5400
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3500 /prefetch:1
  2⤵
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6540 /prefetch:1
  2⤵
  PID:5628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2208,10852988244173162112,9639015054501020318,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3844 /prefetch:1
  2⤵
  PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:32

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3208

C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x484 0x300
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:3500

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:4632

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
- System Location Discovery: System Language Discovery
PID:2288

C:\Windows\System32\SystemSettingsBroker.exe
C:\Windows\System32\SystemSettingsBroker.exe -Embedding
1⤵
PID:2552

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s DisplayEnhancementService
1⤵
PID:4952

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6072
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1964 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1876 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {977b76bd-56b6-4aca-97e6-fe0f673fbf6c} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" gpu
    3⤵
    PID:1868
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2420 -parentBuildID 20240401114208 -prefsHandle 2412 -prefMapHandle 2400 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dcb43bf7-9acf-4af7-82bd-0e3489dfc343} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" socket
    3⤵
    PID:3880
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3144 -childID 1 -isForBrowser -prefsHandle 3152 -prefMapHandle 3196 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a047f8a7-16b5-42d3-ab96-972812afe1ea} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:4764
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3696 -childID 2 -isForBrowser -prefsHandle 3640 -prefMapHandle 3712 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {60453da4-23bf-4bb5-985a-65869e4d69b7} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:6128
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4912 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4972 -prefMapHandle 4968 -prefsLen 29198 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c194f2ab-b645-447e-98f7-f0315475f17a} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" utility
    3⤵
    - Checks processor information in registry
    PID:1628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5544 -childID 3 -isForBrowser -prefsHandle 5536 -prefMapHandle 5500 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c72af3c4-6487-4f16-a04b-96e29452ecc3} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:3012
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5580 -childID 4 -isForBrowser -prefsHandle 5620 -prefMapHandle 5624 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dc9afdb0-b74b-444e-8e65-af2a37b3951b} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:1452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5848 -childID 5 -isForBrowser -prefsHandle 5768 -prefMapHandle 5776 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1188 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {71e8a21c-1a8b-4375-844d-2452c381551d} 3000 "\\.\pipe\gecko-crash-server-pipe.3000" tab
    3⤵
    PID:4816

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ccff51f965f8f4176e4ad112c34c86a7

SHA1
eab249ca0f58ed7a8afbca30bdae123136463cd8

SHA256
3eb00cf1bd645d308d0385a95a30737679be58dcc5433bc66216aac762d9da33

SHA512
8c68f146152045c2a78c9e52198b8180b261edf61a8c28364728eafb1cba1df0fa29906e5ede69b3c1e0b67cfcbeb7fde65b8d2edbc397c9a4b99ecfe8dea2dd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
c29339188732b78d10f11d3fb23063cb

SHA1
2db38f26fbc92417888251d9e31be37c9380136f

SHA256
0a61fa9e17b9ae7812cdeda5e890b22b14e53fa14a90db334f721252a9c874c2

SHA512
77f1f5f78e73f4fc01151e7e2a553dc4ed9bf35dd3a9565501f698be373640f153c6d7fc83450b9d2f29aeaa72387dd627d56f287a46635c2da07c60bc3d6e2c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
408B

MD5
2542fadbadf34271b31ddaf4f2f7e348

SHA1
aa2e22620c5bfc4b5a94b1e4814139dba5693610

SHA256
177657db320a2531db042314f7493b5fd2aa3cd2e9e25e8f0d4d5f738cb5c36b

SHA512
6694c8568359871eea09180d552684df5e31f9d56cffa8b13272eb4adfd139073b51ff0c450bdc5d70b36e8263c85ae27f7f6c2eab70557474b8117f9ea42b58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe57d745.TMP

Filesize
48B

MD5
cb0fe2a2de6a53c12905a28e910c9875

SHA1
2e462e9f39d36b864bee7f2736e4c8bf536999bb

SHA256
cc61bbbcf68bfa9990a11f8e6d26bea74ec4d2837ff1c14cc793df776c629f30

SHA512
a29496af0b8737a12e57428cd64a5542dfc6d1e5062dc6c3791e05a73fbd406251fc898688a8635a1dd81a7b70e852e3af7bfd9cdfcd7c1520ba4a01193c30ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
256B

MD5
aa2fee9b59947edeadca458a5c2880d5

SHA1
e71867af4bdffc32e7900a31f26243aef14917fe

SHA256
3ffe55bb001e8d6b7e199b98aca1eaeeb44843e1fb49b2fead1cca30f32fe363

SHA512
82c0eac796c9db09d5ccfb0fee3d156ec3ee560c9d52246125bb74ffeb6ec3e6d0a0bcc4e8c4667ff6fe34d689638bc1b8aa56d4542354696d773f17ec7e140a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe57d7b3.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
5656c52fcae1dc21fa840ebf866496db

SHA1
05fe6b7c5b0505add6e484aa3a0945d89f445c09

SHA256
2d71fda6476561bce23525bf92472744317c449afc4753245512618315ac5ec6

SHA512
db8d005df5292e8c70e7d40826d5c083c1e08fcbc2ca109607a258b7563628a1b0cb7fe4f27788f6c910664b283c86d59ab09432295228e5a3dc682c51156ee8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
63a51600d0e943c56e9e8c645287ca4f

SHA1
670ba6601c322205e6b72954e2a3da8ded232fb6

SHA256
4dba66888066675bd546adc2cb1a3bbf2a376185390f8d4f152904758078b1fa

SHA512
12b6ce39ec4d655b51d6ba282368dce7f486ec276c683fd86d625a183bf0508cdcad9a69501c7c524aca0b2f0b91ad14a690b44fdc70183225e5c92f228d3f89

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f3f7d71138425bc34015637a13e2d4fe

SHA1
e2416678cfe2ed18e75cbae77c62b18a798b53d2

SHA256
f1fc4c8adf32c31e59f4d929f1be1b530320d3c44bb032af924a567e3f0587b3

SHA512
301ee5a7a3dee2b0aba228de69c17c6c6a467f4865f22d5396180863b171e0d71d3e4a52e3d278d031a89679fe59ed163aca558aa6345a4f75c1efefdf383cef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
86aa28ffd286b08415aa197216684874

SHA1
d99924976c73e3220108817ad6bc1d8b1795ca2d

SHA256
a6dc4bc6ade3039e57b538f2620b91602199f1908b23c4a2beb3fd3aa721579d

SHA512
a51fbd1af778d32f2f95a9a863a59f42a7eb804dbb8ce85459297959eea21fbfe9625d74c3f91ad65016031d4b3e26eeb748c1c59e09ac68778fc670d408d0fa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
26978f38b0bce48572b90b762b7d937c

SHA1
8b8b88012fab1d37fca79575a5db81674b424867

SHA256
b38f05e2e63a1f87026aed06f5b85354570c6f91d28947466f0555276bab6afa

SHA512
501e0de5f46bfaac901cde5c39a321edc411426fd91c83427f36710fa56d20b5f6ab8f2219d963f7ab495c2df7def879652381db3876b7e2a7080921cce78379

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_2

Filesize
8KB

MD5
0962291d6d367570bee5454721c17e11

SHA1
59d10a893ef321a706a9255176761366115bedcb

SHA256
ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7

SHA512
f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
5ee19c68b59223346717b3440c6dd9be

SHA1
4d9a6565bd47f7635fb7c793cd2aeb6658671cfe

SHA256
a35ea423d3985498c8b1e840e5790220befab57f8c3a375c16f578071d5b3780

SHA512
1a10ce5e0fe94b1f67c5bfd682b6a7917643187e6f7c4a73f47f44bbcac70beaddd6ff482be2c37123815f0d71c56808332fb45d43ed8d48b354776db36fb714

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
f0c1dc2770599aa709f97e1325912b88

SHA1
3c5bc16fa9fbe58221ae4fecdc60a5ab9710582c

SHA256
6b4096b8bdb78fe0c3fb81338a3773b65737285f86f5fce095d9fc75fc7608b4

SHA512
aa29849cbf93bd00230dc1599a1d712dd4f0e2bd8699f8c99f9e52b19ba3e83e6f5f7e6b66bc65f8a49c45b6b2761e13e4665be413f7c776a8e117e1eccb23d4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\etc817bi.default-release\activity-stream.discovery_stream.json

Filesize
22KB

MD5
6aa643c4257e18ef3ab90f218f9c048a

SHA1
d5fc357c2fe0ab0e2bf4f97e6dbf39f0cc49f298

SHA256
50f75ece96f59848d1eaa552779e1858191fc04c3dc63233f577419bef0b5922

SHA512
5ad22f3905cd12d880e724fa0022179cc714d84e01924c330babc4470659c0f063818b47e851cb74e296e89911bb5b9bbf2e9e79d6884b1a557d44877216fefc

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
2b909ac6221154a0dceddd401b8901c7

SHA1
42e2938fba180ca0e3e4dbba856ccb5cc279ef47

SHA256
55b01bb724ef632143650ada1a21f5b4ef97e9a3530faa54d08ff5ec2575a9f5

SHA512
d553eae2ebadc24b207d7abc9b65d43d058c360e81026a8dcd97d0233266f2c766b2832189878fef3e71b48034b54dd78db55fff1239ea7e80d730ca5a22da60

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7ab5865c12b7a17f8bcdbfcdb1cf7515

SHA1
77aa7f3dc3113093a99748554e02c9887a1ae1e8

SHA256
19e7b9ddf2c6bc5c018af67478979af51e2fdee61ab8c149b81aa98404c5e926

SHA512
4177f7c73f7ebd35bb443ed6c06017651f4d10c87e7cc74bbfc76960855f1c49753e3319233b826a6a8e10fac0a801d5d877b9b2a42600801bebd1fe0c4b5481

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\AlternateServices.bin

Filesize
8KB

MD5
fd4859996f8c93a585368648cd7420b4

SHA1
89ccc0c3a48ba97183ed48fcf6b5c0c3fefe6820

SHA256
82da2f769e276f8adb2917d4d9c79f2ba2c77f0eb7dcc6bebc84bdb9a62ee089

SHA512
80cca623f746f047c7e6b2a5436cfe68bd791bd4eaa6a33f2ca51cb8b0444fd10cbf4a775d0c7090477278e74bd9b87e2494b0d56546dc15f775985be1d00a07

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2e0cf5c9da69703016dd8da3e044055f

SHA1
e344c7e98031573b5007c8def3ee9f403618ffb6

SHA256
3bdb8c127498235c59d83a895188667e2a1730f20d174b8b5f62f7572f9b3cf2

SHA512
724f56df12136ec159e17952cbf0c4c0a1cc804e91aeb88367d147f5bbcae13efa779ae1b07a5266e5be8d7554ef20abd85a5674838c3dc54d37a623142c4566

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
2c2edea29ad04b84e67908242910be85

SHA1
5a714f4252801c47e9a7d6c4402274021bdaa5f4

SHA256
5fbf28f9495e2231df08f47af60784b41f1753ac7cf765bcf5e6fa82a31f9603

SHA512
c3d9e1a7e002e77e89903eb159a04b944c3a4e410d742566ba86a7fd7310745a5b81e1d2eb96ac260dca59b9562ea4576075b541a24da2094e13437b80e9577f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
53fb9b590bcee0bce37d08c55f04975c

SHA1
3ba9da1bc79b64a3e0a30c736d56ad368e53f24c

SHA256
1843e2cb0ce4241b7d00d5eae7b94f3ba21b6d8388ffba35adf902154f2b9ae8

SHA512
cade2526a915722e2ad9d7bd4cdc379dd561ef80cfea34ebfc2418db8a4e47be1ba28663bf41a3186b100833a8151753c7461082d07fe2f74a4b896a6f53868d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\37e03a4a-2ca3-4a29-896d-b3547974fa41

Filesize
671B

MD5
fcb6536f5be9939e25bee7773c99ee67

SHA1
45d9d5151650ba2f940f38dd2c8140fbe2276e95

SHA256
e1ddb086f27ff311daf604f74d2800d6ec6586aee23ee6573c2b96f9e2778575

SHA512
d7090ff925cecb5a5b5cbb57540d612f7919cf257e266eb6b64374dd5c983f823c3ba47c4823e73897257e99680ce9cb0b0563491345652299df9b2cc0fa16aa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\679348a1-53f7-4ed6-8606-55dd32b5e0f9

Filesize
982B

MD5
4ad8ab0ba9b39f416b65b6fe0f1ce56e

SHA1
9bfac606ac986da513b8f935b838202a3181a979

SHA256
fb6ad7573afcb2dcc7ee5e48c18a5ce754cf70a18e0c60dee0b91ab5f3eda937

SHA512
a4b85255953cfad8d68ee214a36bac7863a4221a9f6ed5393c3d7091e3f9fdb34e6a4f4be4103c11bf4575515cc20a6f2c00679e5e9ce07bff3ee3bd5a445fb4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\datareporting\glean\pending_pings\826f8659-b12c-4aad-97c5-5eea57f5caeb

Filesize
27KB

MD5
a94c9968666d87dca81810e5c33604b3

SHA1
a8fcb0f95acf2abdd97a2f33ca39af045197d222

SHA256
23abf6787be2a61d5c377b469335d1c849250f76ff31aaa50b07025bd1fc1f36

SHA512
29a730396efb355764db03ae7711acd3a064557c8d144ff4381ffec5f91e025e7d6d17a2b3f1f2059132cdde6f97ba8b5452b44f09a58832b79823c147346279

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs-1.js

Filesize
11KB

MD5
1a3a1a370772148edfb854428d7a865c

SHA1
643118ec18125f7e8fbdc7a92501b627c01c342d

SHA256
16eaca20bee46e0f7b222c2697821f736293b28e835a7970f721e424f2db466f

SHA512
2843282dcd1cd720df0ac9e3a2f5512a1789dd89c0a50004e88a5965a5fc7393fd70d18fc19d6d96aa3e16bc16a3f7850cfb15294446b2441883e1e4c2433cfb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\etc817bi.default-release\prefs.js

Filesize
10KB

MD5
00c5b5db489adeeb4ba7c8fd6ed8d6bd

SHA1
b698fd2e016fce9c41a47a7080d449b34730595b

SHA256
e93d543a609e100e2fb0cd2aed1c2e9aa6da69ea7ac445335ed604c377cb1c36

SHA512
07bba8c42d8acf4f30fba0f57b8a7967754ecbc77e51156289e7e6383807c03bd1c57d2d7bbd6958ad321951a6970f77ef49cf62f82a48b99f1f25f76c57575f

Download Submit
\??\pipe\LOCAL\crashpad_4848_TAWWLNRBQNKICKPP

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit