hxxps://drive[.]google[.]com/drive/home?dmr=1&ec=wgc-drive-hero-goto

Resubmissions

23-11-2024 23:30

241123-3hgzbaymck 6

23-11-2024 23:28

241123-3f9xbaskgw 6

Analysis

max time kernel
146s
max time network
151s
platform
windows10-ltsc 2021_x64
resource
win10ltsc2021-20241023-en
resource tags

arch:x64arch:x86image:win10ltsc2021-20241023-enlocale:en-usos:windows10-ltsc 2021-x64system
submitted
23-11-2024 23:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://drive.google.com/drive/home?dmr=1&ec=wgc-drive-hero-goto

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
8	drive.google.com
10	drive.google.com

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\f2e75fc6-948a-404e-82e3-9a7f1fcacf66.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20241123233119.pma	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
3728	msedge.exe
3728	msedge.exe
4520	msedge.exe
4520	msedge.exe
3580	identity_helper.exe
3580	identity_helper.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe
2568	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of AdjustPrivilegeToken 5 IoCs

description	pid	Process
Token: SeDebugPrivilege	3336	firefox.exe
Token: SeDebugPrivilege	3336	firefox.exe
Token: SeDebugPrivilege	3336	firefox.exe
Token: SeDebugPrivilege	3336	firefox.exe
Token: SeDebugPrivilege	3336	firefox.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
3336	firefox.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe
4520	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
3336	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4520 wrote to memory of 4360	4520	msedge.exe	80
PID 4520 wrote to memory of 4360	4520	msedge.exe	80
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 5016	4520	msedge.exe	81
PID 4520 wrote to memory of 3728	4520	msedge.exe	82
PID 4520 wrote to memory of 3728	4520	msedge.exe	82
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83
PID 4520 wrote to memory of 1884	4520	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://drive.google.com/drive/home?dmr=1&ec=wgc-drive-hero-goto
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x128,0x12c,0x130,0x124,0x134,0x7ffb47d746f8,0x7ffb47d74708,0x7ffb47d74718
  2⤵
  PID:4360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:5016
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2320 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3424 /prefetch:1
  2⤵
  PID:992
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4988 /prefetch:1
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  PID:5592
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:3884
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x248,0x24c,0x250,0x224,0x254,0x7ff6d0875460,0x7ff6d0875470,0x7ff6d0875480
    3⤵
    PID:2420
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5768 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3580
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5964 /prefetch:1
  2⤵
  PID:4292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:6112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6148 /prefetch:1
  2⤵
  PID:324
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6216 /prefetch:1
  2⤵
  PID:2788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1992 /prefetch:1
  2⤵
  PID:5308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=256 /prefetch:1
  2⤵
  PID:5116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5652 /prefetch:1
  2⤵
  PID:4656
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6344 /prefetch:1
  2⤵
  PID:1176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,10207022621529547187,15382827101241457307,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5432 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2568

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4748

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1644
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:3336
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1984 -parentBuildID 20240401114208 -prefsHandle 1904 -prefMapHandle 1896 -prefsLen 23681 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {318c62e9-4878-4869-927a-ce3f542cf484} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" gpu
    3⤵
    PID:2864
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2384 -prefMapHandle 2372 -prefsLen 23717 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3754fbe9-2b0f-434e-95f7-9c8b46ffda75} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" socket
    3⤵
    PID:4164
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3056 -childID 1 -isForBrowser -prefsHandle 3256 -prefMapHandle 2984 -prefsLen 23858 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0aa9be71-876f-4206-8135-86cfbc6e3e5f} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" tab
    3⤵
    PID:4624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3580 -childID 2 -isForBrowser -prefsHandle 3688 -prefMapHandle 2772 -prefsLen 29091 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8f9ce7af-63cc-4ddc-b914-8e23a59f0007} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" tab
    3⤵
    PID:1672
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4892 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 776 -prefMapHandle 4820 -prefsLen 29091 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d0bc090a-7bc1-4a9b-b102-bc5e4420d26e} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" utility
    3⤵
    - Checks processor information in registry
    PID:5648
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5112 -childID 3 -isForBrowser -prefsHandle 5380 -prefMapHandle 5392 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fa10c188-d965-4eaa-adf2-554df8273207} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" tab
    3⤵
    PID:5208
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5624 -childID 4 -isForBrowser -prefsHandle 5548 -prefMapHandle 5556 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38b08eb7-6b02-4bdc-8815-8362fa5889a5} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" tab
    3⤵
    PID:2772
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5764 -childID 5 -isForBrowser -prefsHandle 5532 -prefMapHandle 5536 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 1036 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5e359d04-9c42-426a-8d14-f07aa2b793df} 3336 "\\.\pipe\gecko-crash-server-pipe.3336" tab
    3⤵
    PID:5140

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3876

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b5fffb9ed7c2c7454da60348607ac641

SHA1
8d1e01517d1f0532f0871025a38d78f4520b8ebc

SHA256
c8dddfb100f2783ecbb92cec7f878b30d6015c2844296142e710fb9e10cc7c73

SHA512
9182a7b31363398393df0e9db6c9e16a14209630cb256e16ccbe41a908b80aa362fc1a736bdfa94d3b74c3db636dc51b717fc31d33a9fa26c3889dec6c0076a7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
32d05d01d96358f7d334df6dab8b12ed

SHA1
7b371e4797603b195a34721bb21f0e7f1e2929da

SHA256
287349738fb9020d95f6468fa4a98684685d0195ee5e63e717e4b09aa99b402e

SHA512
e7f73b1af7c7512899728708b890acd25d4c68e971f84d2d5bc24305f972778d8bced6a3c7e3d9f977cf2fc82e0d9e3746a6ccb0f9668a709ac8a4db290c551c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
51KB

MD5
f61f0d4d0f968d5bba39a84c76277e1a

SHA1
aa3693ea140eca418b4b2a30f6a68f6f43b4beb2

SHA256
57147f08949ababe7deef611435ae418475a693e3823769a25c2a39b6ead9ccc

SHA512
6c3bd90f709bcf9151c9ed9ffea55c4f6883e7fda2a4e26bf018c83fe1cfbe4f4aa0db080d6d024070d53b2257472c399c8ac44eefd38b9445640efa85d5c487

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
38KB

MD5
6f6e6967d0ac40a717a9f3d7828040a2

SHA1
68ca5f5a963a4ba4fc2c07062cfe4b0a381eec58

SHA256
ad55df533c6741f5b1f2217cab808da6446858c7dbe9f0cedc09ede8fbac9b1c

SHA512
86df17fc5fcb6c8978eeafca99207c9074a47bb78befd12680afd601a93490043afa07f31568cf7a55bb04d10a1e90e4c11f9f97d6aca02d0cf76d9a10609f6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
2b3898859074cc9178388caa3ee261d3

SHA1
a5bfb14810f6ecd2322fd1f3c91c5395aa83f55e

SHA256
347b6745b7b1bb9b7ac726743ac5050960156a45477de6afdcfc6fe646681c7b

SHA512
bfc1b912e2d7a41d361a8da2d256744d6e504f7efc814c0e517b51c2365cbbea33653f97fdcccdcb4059fc1c7c80354bfebf2746c4dc3a6a52163a59fbb96481

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
48B

MD5
0c2294077aa47aaa285c99a1295cefe0

SHA1
b194e4ccbb2a428f36b688d84fb175430a772004

SHA256
c85f5b3e2f2cf04b072373e48d383477a18933b80e06cecfcd8fc8d0133ffd5d

SHA512
cc3a6ca4fde06e444283a0dded75875f6e64c9edb03fe01d1a2b8dd1c9445f0fbaea1718160e4b8d98bfeacab320a8e7463452dfdfae4e56cad5e22118f82c98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
336B

MD5
063fe897e1cc87d6a1a11ec284770f42

SHA1
59223598d167f725d1dcb142a264a6de5270d50c

SHA256
d7d93fcfd8682fce0e0e9942ab0ff8f7da25905500e04f55fa14f1b49e5a2a26

SHA512
d45a310d86dc5b7ab75b541a1d0f09d1b59dc14b9a08e96b932d4bf3d51a146a31989adee2ac528433443a5c5a67bb3f1ab47f8bf03f4e08c559f076ded9be1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
18fa853107326d5fdf6967074419d1e7

SHA1
42a2b9754dcf754ce87ee0d9e013edc1c3996a52

SHA256
1e5a553cb300b092cbecf16f0598eef814856da84d518df6acd6fb197ab16de8

SHA512
7137c567224a5fd073168768559e877c88f3790bb2a0316a950626e6831736385f65074b53c60bdbd94ca13e28e25ea9fdadac66e81c31226b0ab7f013b8a84d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
4KB

MD5
008317ecb7248afd79481fb66c5abb44

SHA1
80671b316f75e1958fb7cca730aff8c8b190b262

SHA256
d54b74fff9ba17ddbe947dce4ee996a0af980853056f3e93f3ce7a9fd923cc28

SHA512
393bd07cd7df4b3352a5b7e298cd91a9df7166f19afad6d2188c0fb39bf42b106a375b05c5edddf9da323e7005ee173e345af68f490123d70f2f1ba93744d118

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State~RFe588da5.TMP

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
d75a23fb146ddc9b087c540b87086c9f

SHA1
cca7d6ac88e25aa9e85fce106d1afe135d0352ba

SHA256
02d35982f1b4076349ff0b62f0dbee188595b1532668e45660d879c1cb856a85

SHA512
12ae6b65508ff8155ef79d1e76397d319ac05a6e23c3052d6547a1e08b34c35b4ffffc7eb876a8ee074e932dfd65713353781bccef556c442413e47071ab52b0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
aa30935dfc7c2d2672c885e9ebdde6e0

SHA1
25996e20b3d04cd1a0e73e56520076e3e1fbfd87

SHA256
6a305a3bd0c48d207bdcc3d7c57bbffbb2d3292700b7eebde7248d51f807ccd2

SHA512
853d7bb7a1453708b8f351245814bcba1133a22219401a4a7e430f42bc9b3729a3f97006e55bcfbc5c814a4cfb2068ffe825bb39b1c9f0dda1a72989926e373a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6378a5bf408dd1adf0a79246b5299f98

SHA1
7bfe0cff9dce3d9df2a80b4de7d8b84854d9877c

SHA256
9ccc9670c5b598f0406780c652dae4ba374690165feb26c3a5e0727623103576

SHA512
fa78bc99374d320a85c1f9bdd6c92aec6e5a05848149df37ac7e3b3222cbcdeb0371ea84bad2063c4deb660ce70410a2747f53726404ab444b6b951232aea673

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
7d64b996040a937af917f43b14c7bbfc

SHA1
7f44cbe1c2c28d2ceb37fad43167da404a7efda9

SHA256
eb8e0c03c571bdd6d81b50f89a4323dd04dd753b08e934bcd6c754d31de66fdc

SHA512
a055ad1f5fdcee77aca2959d2e5b6d5da6cc3dec37679136395c788fcf96e10239b4284b17862bd0cfde86ef07632c5e78a8d84ee00c46a45ecef715ada83dab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0e24f43fc601017b040337c3f70b8be3

SHA1
e965afc0a819920428c948fa7c06f5123190d13f

SHA256
90aa45396aa355714b4860547f29306cb7312bd50d2aa6e8c75642d1dabc8fad

SHA512
c8236da9bf783960de4eec3f0ad4b626feb51fd566f463c8978d5c34bdfc8010221138619ddf1529f194b16217ed52e6ce21325fe8fec42014d3f797aae22790

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
ac2b76299740efc6ea9da792f8863779

SHA1
06ad901d98134e52218f6714075d5d76418aa7f5

SHA256
cc35a810ed39033fa4f586141116e74e066e9c0c3a8c8a862e8949e3309f9199

SHA512
eec3c24ce665f00cd28a2b60eb496a685ca0042c484c1becee89c33c6b0c93d901686dc0142d3c490d349d8b967ecbbd2f45d26c64052fb41aad349100bd8f77

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
6e466bd18b7f6077ca9f1d3c125ac5c2

SHA1
32a4a64e853f294d98170b86bbace9669b58dfb8

SHA256
74fc4f126c0a55211be97a17dc55a73113008a6f27d0fc78b2b47234c0389ddc

SHA512
9bd77ee253ce4d2971a4b07ed892526ed20ff18a501c6ba2a180c92be62e4a56d4bbf20ba3fc4fbf9cf6ce68b3817cb67013ad5f30211c5af44c1e98608cb9e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
80f50dab23bcc740fa6664d9558def14

SHA1
6c8c4d1ae0fbe37b327dabaa3ed757426f03c3f0

SHA256
18f07f4010c0f6bcc545b042f2552c86e11b8c142f43534c28a8cbbb154bb9a9

SHA512
7eb678815f6d481ee4e1255a352659372e37576aa2342f1526277048574280c8e5f2e8c8d9cf002e05d03f64f9f5659c10bb79a7783962f7d3476754fb94b1a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
c5c9dbada94390f898f574debfb1bdb5

SHA1
2261180f1095a8051a2c1c73fbb5cbfcf59883a3

SHA256
8af2fc1bd50647444f41de6e0c2127a45c48d114f6fd7bd5bc16037cfeb5c9f6

SHA512
d84d646be21426fddbaabc2d2e9511e11bbabf95a43cf040735061bb5ceec52a1c47c5bb274979fa4ad0064cb30780802f809e3812ddc8e231637fce3eb682a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b00be0afc71445836f980d2c9bcc5b27

SHA1
5f7b9d71d4e9585cbca06d3c6e79e385c9ac746d

SHA256
9e8ae6352891d9aea54dcb17625f473c6e7010a1924542e01fef299167c74476

SHA512
3b32d5c5d5b13a04b7b366fca3939d2ae87e89c4590fde45c634b3a3ab4591cb42a44af27f6de6f92558a380d04707a960775b7dbd3dcae5b6222c90858d31da

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
2KB

MD5
a8551a2fdd031a685a4d3490dbbafd18

SHA1
780981693c0b6a433d54cd9a40dc448571ba7b80

SHA256
4557fa890d9f2c181e47c8b18b3bea1afc2538b1164894d647347a843d0a4699

SHA512
b29c728ba93f85566b3a9d56d7811ded442b1c825f9740de4795219c34265e8f82320dbf6c85cd58b72bf6fd2b39ec2a59fe2217922f79a7846749b6e62b7cb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57fe26.TMP

Filesize
370B

MD5
f4af8050272d2142951fe2b9672fd3d4

SHA1
0859334b95850329aad1cd75c826cf4f6c0f43a9

SHA256
d6766e4ca5d2c9165af191061de413a76d1750d46d945fe518924a38ed41a863

SHA512
a4c3e004516073f00f9052b6a6d4cc925e9c738f15af976828a9f1cb185a2550b5086c96c5af15d7e437c3e8e8b70c6c05198dca6edcc2ae675d64e4ab161467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
1079dd11b5fb1f6af3e106af11646a07

SHA1
9e41f42714be33b72c34bd5f535991e3e3763c93

SHA256
f958594f595cb86fbd9948c76734649e540fee260ca639da54422b29a3264cd1

SHA512
6d136a03ab2147b6a22b193747e650935d11a9eba21dae8591dff5b9e2af1035d5862da042b18638d93a69d4a10b92bf0731524d81a9afbe4f84f6a7a4335ecf

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
7e5ad57cf8020dcd32d7a9bc81a5c927

SHA1
ed8d4bc646ca4a627e5df9ff5a2b6aa88b757673

SHA256
a156d309eb7fe85e4410ceddae8015c150f656bd5aef3f10fd09cbeeeff8cfc3

SHA512
42942f1ff4db62ed295510b1e7169c8d764e455fd86303727e7a0c29c9d4e5aac1bb5fb99635fb6b680189743f2b81dcf55cf3f2e8aeb2417e7d16573c0ff832

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
1efb2049f300ee5a4b6288fb87a6f034

SHA1
273f8cb6d3aee2a14c8c725be679052be62a7f33

SHA256
7f9535f71e6cb4f0a04a4c4541e4b89273425af512f4854ffc5ded23076b5fda

SHA512
9eef7cb908a14568c251917a337b3b2bc740f4eed8f3a11684390754ea7d56fd642e9063c3da70cf0e5949ffb133a08cd5bb292a8a40c8c92606dd3cdc4620e1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
6KB

MD5
bf3e68817e5237eb5143f2c740de59f3

SHA1
25a6ab0c9e6045b461e98c75cbcc9cfce37100d1

SHA256
f72a3d0f619b6ee85964cd8efede31f91c6c9ef52d0e2ffe1f8477cb5341db65

SHA512
36f6ca19d016696d5b64ee4246c7974697ddc50749849a2c4b9adb4887e8a70dfb08c307f97947c355270229e27dd68a09390018648e8e0e3841b05bdfb28c4d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\AlternateServices.bin

Filesize
8KB

MD5
fb8c193645e41761b5ff9e08e027b80b

SHA1
8ca9b7b83a80fc1527780957ccb225e98d5606f9

SHA256
95818a26a90253f21471e7ce89b2b7aa8194a38687a7cf3b883549befe996cf8

SHA512
ec432674ed4e9d73efab8d94492613af6437002abb072dca431bcf5f1ca95eecd7ef558dda84f25491cabcff81e6440a4263c82c878dc017b486014bc00428a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
5ecc05521f0b093f8e0c04b31792b217

SHA1
d26514ca6b95ca6dbab0c9f63b04d190bc6e2d03

SHA256
564983eb0e1475a58302a0e7539a343dfc7371dfcf66b40f04c652f96e42d0cf

SHA512
026a67429549644f8c661ff58e3caefcc460266d5f1fd52b845c1bfd330cfd908df6bd6594a35b1637318115791a7d45f25506d34d95394fbdf9e52c374debd5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
dbd0c60c841e94339c0eb637f7b91efb

SHA1
65398991c1e34749f8036c284220a7a2aed6b689

SHA256
62a2292b9a26b3e19cd2c43be4a56df758658728fbeb4665f2d00eb959517509

SHA512
7b29ebf11ce21421976c9ced96292582d9f7fc1f19f5d0d26746f6e0a8105fc5bd9b97cf1d1c09d6f61e0aa7fe4c19fd9f18f79bfe7bdb1f77f2260285005d42

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
d1e75711b4545154dad4374084982fbe

SHA1
357e397fd699431d6cb1ad3338f4459f37012003

SHA256
637254f26f1ba3e8e99625060d35b74876c603a6bdd081b4f7350640db194cde

SHA512
55070345b9279d63e8ba43d7b95a64ddcd83fb34fa066d0753c43b7b9964c70fa5fec4162b8068a866a9cdc1fe1e86fbe29f182162bcc7d91ed719273865b9bb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\20d333e9-b8ae-4085-8457-f78d663d0959

Filesize
671B

MD5
1c3012d33873dbc101c1e891285a8dc4

SHA1
42326dc1dd91537fbb8af6d194719af4885580dd

SHA256
fafba4236e7ebe3546a2f1d720ecebe6b9003cde50d3cef5b125b28c9dc1f3ed

SHA512
4cfeff2e51ff09d409d06c484248b3f91e872d58ce423cb605109580f91067a7076ea3531511581bdcbb69c455a4499081a8a1912edcd6753e44ffc9d3127b58

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\44c088fe-a023-476e-adf9-cb5d4d90d0f4

Filesize
982B

MD5
138ceacadd8089708facbf42d45091a7

SHA1
086d296e90573cdad1464d7033ceceadd691b3c2

SHA256
51d7652f34143e793f0ac23700f60a6501925ffc91e2d1df725337575b9f897f

SHA512
cb3b773683fd62d4d7f83e62ab7e16dc86c6c7d0b680c1578d030165d99a3e321ffc4115ee6e2c44fc9f2e2a8a872b3532c7b9807808413ccf33a94dd3c0fb4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\datareporting\glean\pending_pings\aa9e3b21-e406-46cb-a1da-8e07700edbbd

Filesize
27KB

MD5
2d126f1a6682019f4327407c2ad745ea

SHA1
da91b497b2dcd1c8d5975b7e73d0d2e3aedec01a

SHA256
f8c87e0cbe11b98548fb726dfcf4067d689323f8cd1a60c66c0695de102b9d70

SHA512
bafff02c8b985a6b17fc3fb1580a026c8060b7ed353d6af8f8e676dd0b8e7cc1992fa7ef747ae190c3713f58e9504cd25f044540905d1e83b6fd3fb4d085abf3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs-1.js

Filesize
11KB

MD5
1dfd1063a1e41061b48cd36f34a33764

SHA1
ee8c83463b64fb78bc17305811d6ab90c81ae042

SHA256
0cca319da9806f45f348c8fa47cd8f12d05bedbaca67618663efe82904ba8507

SHA512
716a94e5e18d766f9812e2d0c38bd7a60a22ac9dd4edfacf797acc7654a41c61964c375f7f70a327f062cecc8d3a6d41a93d9d48a61ca6e646416aed5d8eefc3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dom8snqr.default-release\prefs.js

Filesize
10KB

MD5
c91d7b548ca925ec829c15c725d3e61f

SHA1
1a3c4594c70cff9ccf0ce71377d7945170f506ad

SHA256
a3b21c51f9dea52daa7c6c4e18618164b1656ad4a9617f52f7e72b59263745a9

SHA512
9d17cd07bc3877e56c645b9983a7f8479d958fc17f13ac0ab60104fff2096dbeb0c2d5fb780a4d009a2769b7942786f4c8325d042d8b6d228166f3ff90ff0813

Download Submit