hxxps://steam[.]workshopcommentary[.]com/sharedfiles/filesdetails/AK-47_Unbreakable_Bond/

Resubmissions

26-12-2024 12:27

241226-pmxnnsvqez 3

26-12-2024 12:18

241226-pgr61avpew 5

Analysis

max time kernel
171s
max time network
161s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
26-12-2024 12:27

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://steam.workshopcommentary.com/sharedfiles/filesdetails/AK-47_Unbreakable_Bond/

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies registry class 1 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2437139445-1151884604-3026847218-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
2676	msedge.exe
2676	msedge.exe
2860	msedge.exe
2860	msedge.exe
3908	identity_helper.exe
3908	identity_helper.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe
1128	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	2000	firefox.exe
Token: SeDebugPrivilege	2000	firefox.exe

Suspicious use of FindShellTrayWindow 54 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SendNotifyMessage 52 IoCs

pid	Process
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe
2860	msedge.exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe
2000	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2860 wrote to memory of 4876	2860	msedge.exe	84
PID 2860 wrote to memory of 4876	2860	msedge.exe	84
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2392	2860	msedge.exe	85
PID 2860 wrote to memory of 2676	2860	msedge.exe	86
PID 2860 wrote to memory of 2676	2860	msedge.exe	86
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87
PID 2860 wrote to memory of 536	2860	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://steam.workshopcommentary.com/sharedfiles/filesdetails/AK-47_Unbreakable_Bond/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:2860
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffefb2f46f8,0x7ffefb2f4708,0x7ffefb2f4718
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2112 /prefetch:2
  2⤵
  PID:2392
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2200 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2836 /prefetch:8
  2⤵
  PID:536
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:1756
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
  2⤵
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  PID:4312
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5660 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5308 /prefetch:1
  2⤵
  PID:4840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5264 /prefetch:1
  2⤵
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2956 /prefetch:1
  2⤵
  PID:2884
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
  2⤵
  PID:1396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5000 /prefetch:1
  2⤵
  PID:3388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5160 /prefetch:8
  2⤵
  PID:5360
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6140 /prefetch:1
  2⤵
  PID:5920
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5068 /prefetch:1
  2⤵
  PID:5928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:6292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6284 /prefetch:1
  2⤵
  PID:6300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2104,5697350978884647125,3492101782675038463,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4804 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1128

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5028

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3408
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2000
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2004 -parentBuildID 20240401114208 -prefsHandle 1920 -prefMapHandle 1912 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {52e2ebb8-5b3b-4ec3-9b9f-b13a39215d61} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" gpu
    3⤵
    PID:1056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2388 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27def087-2c3a-4512-a47b-8b4f723dafef} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" socket
    3⤵
    - Checks processor information in registry
    PID:3144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3260 -childID 1 -isForBrowser -prefsHandle 1628 -prefMapHandle 2980 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d223fbcc-a435-4afe-9ac0-8a5b1e16f01b} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4068 -childID 2 -isForBrowser -prefsHandle 4060 -prefMapHandle 4056 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6560ce03-91fd-4422-ab07-ec1bf2184c7a} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" tab
    3⤵
    PID:5800
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4888 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4988 -prefMapHandle 4984 -prefsLen 29090 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {52647caa-60e5-4258-abb4-8705536981ba} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" utility
    3⤵
    - Checks processor information in registry
    PID:6116
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5272 -childID 3 -isForBrowser -prefsHandle 5224 -prefMapHandle 5112 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1d7bbb57-bd78-47e5-8171-7575cd0eec79} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" tab
    3⤵
    PID:6836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5396 -childID 4 -isForBrowser -prefsHandle 5404 -prefMapHandle 5408 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42cd3742-be65-4a9c-851c-3957d55f246d} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" tab
    3⤵
    PID:6848
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5672 -childID 5 -isForBrowser -prefsHandle 5596 -prefMapHandle 5600 -prefsLen 27097 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b9f1499b-d970-40b8-a85c-1f35cddf65a6} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" tab
    3⤵
    PID:6860
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6036 -childID 6 -isForBrowser -prefsHandle 3176 -prefMapHandle 2720 -prefsLen 27257 -prefMapSize 244658 -jsInitHandle 924 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {77e3efc9-cf31-4415-b75f-cce036c5de42} 2000 "\\.\pipe\gecko-crash-server-pipe.2000" tab
    3⤵
    PID:7060

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4444
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  PID:6768

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000022

Filesize
29KB

MD5
6c14bdb08b9842c605907d6edb2aa3ed

SHA1
04138c3157ee4032c18d2aae13e55445ee803233

SHA256
f7ad544470b6d2006c6fbecc29e95e31bb02211e2c9fec8c6b91711c2c4694fb

SHA512
c84c5203c79bb5e8cb8b2ef933e497789f914b64f95e0d6f928faf0bcafcdebd3710646279a7cc37455907928fac826dbfd6ffde471779021000c45151544b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
504B

MD5
fa5df9d97af5a9b328584b7679d3c87e

SHA1
1abc6931a6181d1fe1245d5e463b157c628fc4fe

SHA256
d3e89af80f74c2e9babdd3d26885293521e35891adebe266e82748c868eaafc5

SHA512
a24cf8c121246c9b79218087d30d60d8d9d0a3d199a795c9aedceebc69dd78af4b04e084d362234b99365f18bc8121b92821019614d1f440dbab782f77ed3930

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
528B

MD5
763a0a2233ace38712ad31a740a24065

SHA1
7a12c35670ac998d7be75606e799f56588cea5b3

SHA256
f95da9f9106f82262fede695e271a0d9a6e42926ac4d19bb3f074be74e1d9b43

SHA512
b5f4aa77cb3ba7639b6426cac3144187f6452ddfe22491d626f092ed1b687e648d00e58f2a6f40d85b7dfd0c611edf92298d3df47873cc7c8dccc1b44cf1dfb6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\History

Filesize
124KB

MD5
c113b75fb5947af3a70bba5819305a89

SHA1
d389e60b8ce77b710ecfd88b21a65f9d16e6cd55

SHA256
c40968c57a57dcf1bc03edc665e0e498306d39f95d2f57589c7d367deff5ed14

SHA512
cd59e9d54aaee1211a3a34dc35171264df4e7e512ef39aa7bc03ec7e6585ff3ae673da499a5ece478804d7ec3cabbb32c72b83e66d14b91fd15b2d113dd883a9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
788B

MD5
d22d28adcf7417b34e571c6dd85bbca0

SHA1
25dab7254dc8e980782c25ecc5da22583b8e5109

SHA256
34486ff05ca65c24dfd5f4e1da171220d0202a67fb037d7543ab47a5c3464ffe

SHA512
04acafee8fa1f10d4ab4c9b22332d13e99d3f06bddaba275a8909f6a18ddd1430b30ace7082b5f2bea0196d02fc7e2b0c67020d61519cf5ced7c7808cf5bc907

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
2b9827322ca6435fbfdd27547590a87c

SHA1
1c29a4aa26188303759dd52914d23117c9e20fa7

SHA256
cb5ebd5433e13d6712bf20233e54274aee233770740077aab321074c7848953a

SHA512
ef914e4efddb9ab1a6be59c766e48984f1fba603c2a7a82905aaecb89b3ce4a753e4a051a3f1141efb0ed3fafd536e4b8685aa4b3cf0116eb9a6f215662a84ca

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
4d0277f1d4701aaa4f90c9fa417c0159

SHA1
e47643791f26984f7ccf60e411246f2700876161

SHA256
b2dcf77f05557c18d4279829f302d44ebd3f5babc0a0b8f068e3e18a32b08df7

SHA512
539677dcc62bf2dde76d853f1ad94958063bd2fa913ef6beeabdd08bd5f69ec2a52cfc3b410176a56aa519e5503aa7e8be7c78e05154a4da48f57fd03bcf1e46

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
f72af9adb1a91b46f8d33f419cb56d01

SHA1
9961ea39c428f93d036accf65eae5a5bb269c134

SHA256
0c858d863d72c8505f5663e29b507328e3173c070cd2f616b7995c71672e8438

SHA512
3357763dae4f7a40c3b883191aa428acf915fc36a26777595c0aa4d759f033457eaa121fe02cf74530b81ac99f8b0ec6dad3e0202a5d137bf3c847cebdb1397b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
422bceb8c532b3114687961870c33397

SHA1
100309b0694cd6fd4d1cf95a097852367be16842

SHA256
9baf0f1ce02d012d40ef6882ded1cd379bd49bd07634d79b0cfa4c63764b0c26

SHA512
136427fed2a14a5af1bba6309958a0b4b38a9636148baf3095ac8c193680652fd2cb9118ad2f4955fd59f8e78b60a5199bc7e00c919cb94fa8e46189e62a68c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
20d2d9f68ccb61dbd679b5877252239d

SHA1
0d2e94393881f6d33fdd5b06476ddfcfc30b448d

SHA256
bff62258b58c0d79a67bb5ef1dc1a50e631a47e3a622da016441f4d5826aa334

SHA512
2e48e2ddc26eae6f05ef474d6384358451b8cdaca17a6ac7020640bfebf6a29b66ff5209145bf4e1451a8b46b45ca41cb7590a93d27642a4e25c48aee93a6d57

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
db22fa9a57714e47c1c0b405407ad92b

SHA1
2da4c8604e3356b1d559bea0e549b185d21323f5

SHA256
6806c91fa77178f0d3317b1a157a0529416406a256200e8d5b675384a895d503

SHA512
69f28388df31cfa4904ccdbda7879354b86583928a9fd7e4c44a20e462ccb4f73a6089137537b1ee1e3a7c10d5a25500812501a38077c60978af437652412116

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
dc7fb3b6db1234e34830c11f06aff026

SHA1
0cb32b700c34f70dbe6b0c9dcd02415c8ab21480

SHA256
9159c76b21e3043f2a12773fb3bd00408849072bb82e3530d5dda2110aafc49c

SHA512
0301e9e8d6e02dd10bc7e8299a28f6dc4de8d0280c4d85297e5eb83f06146a67a7ace09ed86b3088cff4bd6151fdcf6cb7352df845cc1c727ef37ae291abc777

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\activity-stream.discovery_stream.json

Filesize
19KB

MD5
d97f7db9eb4b846d75c42c3c68cd5b6c

SHA1
f59551d7ef359570d843248be0391c701059b5a9

SHA256
d5b792133fcdc792a901c3ca38b30f0be8f1d4c9dfe5d23eb5e07378f2309215

SHA512
87670a86f4e44d536bbe641dce59a4578683e62675326b533dcf8f470da66281b764e0ff580b48c49c9816a01a9ebae21f0412ef1d8c0c8904db5a95e855f2e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\settings\main\ms-language-packs\browser\newtab\asrouter.ftl

Filesize
15KB

MD5
96c542dec016d9ec1ecc4dddfcbaac66

SHA1
6199f7648bb744efa58acf7b96fee85d938389e4

SHA256
7f32769d6bb4e875f58ceb9e2fbfdc9bd6b82397eca7a4c5230b0786e68f1798

SHA512
cda2f159c3565bc636e0523c893b293109de2717142871b1ec78f335c12bad96fc3f62bcf56a1a88abdeed2ac3f3e5e9a008b45e24d713e13c23103acc15e658

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
479KB

MD5
09372174e83dbbf696ee732fd2e875bb

SHA1
ba360186ba650a769f9303f48b7200fb5eaccee1

SHA256
c32efac42faf4b9878fb8917c5e71d89ff40de580c4f52f62e11c6cfab55167f

SHA512
b667086ed49579592d435df2b486fe30ba1b62ddd169f19e700cd079239747dd3e20058c285fa9c10a533e34f22b5198ed9b1f92ae560a3067f3e3feacc724f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
13.8MB

MD5
0a8747a2ac9ac08ae9508f36c6d75692

SHA1
b287a96fd6cc12433adb42193dfe06111c38eaf0

SHA256
32d544baf2facc893057a1d97db33207e642f0dacf235d8500a0b5eff934ce03

SHA512
59521f8c61236641b3299ab460c58c8f5f26fa67e828de853c2cf372f9614d58b9f541aae325b1600ec4f3a47953caacb8122b0dfce7481acfec81045735947d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
6KB

MD5
e6c773fe8f8586e0afcd8342841a35a0

SHA1
c21343a994e37a0f4c5454896d4b8df0ee02e588

SHA256
db049ad556a28c6865fee11b1e3ac71cd903062a5763574af613ac2ea801e38f

SHA512
e76b81dbdd28c50750fa1fbfb61e9c3e890d4afc7f0d333f63966fba7873e63aea1ac105b7e048e12abc422a441fa941bcda32c04804ca628a07a9a199fb785b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
6KB

MD5
e5460580f1cd597ca37d8e1d608c9060

SHA1
af605c411838b231b2885332284be1f407e4b28c

SHA256
410ac278dde74452dc4507c3660736ec8dc11007d7ebed847ed6aad7e1f4bd41

SHA512
eb3baf53ce5f3e9ece6df86d0f67f7e1ab73f6c6d0e50aa9b06630cbdadaeab20aa65ff8bbe0f64f09d35545ba92789714018e1afd9b97f21f4bc18231a83a78

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\AlternateServices.bin

Filesize
11KB

MD5
6e8953336576193ff399a6bcb6e01131

SHA1
afb06fda6995a05ba2737e3821a837aa4ed63d05

SHA256
e68f13a912860b98b8e51455b6db88824d40592012cda144116d6de0b6d20023

SHA512
cd5e754116e0c058e1e94a67deaedf513bc7e864398f4c14a4b2607635c733191b1314f187f4a39d092c60d07158b9a3022f044f75946faf9c09313c4f8c9337

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
037ed1b3a00a8e7b629e6611ff99a1aa

SHA1
73994e5a7d66ad4b21f8ba08c7fe1adb592ea485

SHA256
23a7b84f31d1f319107ac25b4d0e7f6d4ea3e93d320513a7b6b2282d5989e766

SHA512
badc9dd4caf02bcf987570d6a75bde01104c2009bc78b60d58ed0272a1e98b78dabc3ddf35c51f10366a520d83ea5729eb8ea75f94038e0b29f180f72628421b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
dd728de332c64bf36bb4a7e3353e1bd0

SHA1
17bbbe784d21b77ea097c2589dd0429a30c1da3f

SHA256
820e1f1d75e3ffc596d8bacc3d21bc039ce3b534f4f0ec47e78848a70f88b8db

SHA512
0af0fca525188b824dae2ac2b903855f82a7e64a5008fecee645037e4069d36bd8717525d30916c3c46b4632e8f659d667b25d8609710d6e0488eb0efd838dec

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
7KB

MD5
43f10d408fdd47ad3bb44756f628ab9c

SHA1
ca3b3aa3657bbc38441981c38535df80b045cfc9

SHA256
40e0f5623fb6efe0588cb1e763c80a63fe868ed9487fb9e10ba190daf5434461

SHA512
bc576fab8b3b79f9381c45c85e2d5d7f99fffb2f4d287e5e4febbd47f5e74347762853beeea432cec7dfb83e3109980e108e3c87c9e9424cdd00d52cf20be07e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
59cf44381ae5df78d1405e96a13bec36

SHA1
d5554ca21f1b62f586fc346e1491b498507f07bb

SHA256
045c8f166dd5e8d6daee917a285f130dac93deb5880da7ec08f6c2dde022c9af

SHA512
aa38ffc071147eef41a1df8b5391b41b961fa239a212f7db5a313a84034f8468032522a785d2d121e2f100fd51753eda7f3db5a9b8cd496af2732f3d226c2e92

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
8a79cb192d6673326530a3a25db00fc2

SHA1
9219ba7286ef80e110375f55594dcc64fb67e7f6

SHA256
2579ce038b497157dad55c5cd94e42363bf5e1fd504b92b8844c11a463ac2b18

SHA512
209a65bfbe8dc2c7b3c61b0b6647699133190870f86571efb0d72fa5c1ffbe51a0ca6c2ca0d9b57d13797edb3cd2a7b493edc64289e8104d4084a8e2bdf6a31d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\2b03ce79-d2f3-413d-962e-e3f6c6061bbc

Filesize
4KB

MD5
7c0482f27962e383fc7f37a4679e69a7

SHA1
3a00c015e8b8f69ec76ed541f01c2449c989cf1a

SHA256
e30831c3a4be567f1998a600de338599cbd09d4dae555c878192f08b8506a805

SHA512
2935ee0b146655b322fbf25df6d49c2bee5ca83a57ccc493c39f44aa6971572022afa659c0e2b02016ebd0a782028b5824cddf1f7208242269365c0b7c44ea7e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\cee4e1db-9c7e-4b9e-9acb-4c818d33fb24

Filesize
982B

MD5
ca39ba148a212e0484737227d65c2d93

SHA1
0660548a9038073a4b0d1f1c92752e80c085dc95

SHA256
8b5c4c7382a30c65e090c3ddae5502517c4bc7e37da74f6bd6cd2898766ebebf

SHA512
609f79427ef6961e07102e5eba065a389a78479cc36e41910eba8d249ee0591a0a3b96513fdd3419d362975f782244a7ed91715fb87df2f914f94ba220e82de6

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\d81e8d4a-127f-4ce8-9675-8145a7d3a93e

Filesize
25KB

MD5
63b592e4d9d33f2c911f6ffb2102e75d

SHA1
98c6ebe8b88367421af09f4aa63dd4b02976c723

SHA256
f43ddf5c9b637381558202d3e7f2929f29d966b417420752c62051880f88e1c6

SHA512
dc816289e20a0e39ea5f8acfd1e9d2738196577b39895c1e104a417c0c274e344613416abcbe2a3aad6aa8d7c4ceaba7714ef292e446012b869d11c494278c25

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\datareporting\glean\pending_pings\eba11b84-7705-4328-bc4b-9f038fd1b41e

Filesize
671B

MD5
44d8ac731cdb4f121e49fdf107b14568

SHA1
5e545d57159e3ebfda262ff0fbe30f112baa2113

SHA256
7684b6ad9035a424cea776486217328cc7ec5f14d4d4eea6117a42be45538dbd

SHA512
d24ad888dad9a29d9b8b6a20a33753fdaaa1c6eee7e4cdb069a5d88408085c4501563cee2fed912f5b69c5e76f9f5e78225bb39b61dadb9eba8253b2010da9bf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.dll

Filesize
1.1MB

MD5
842039753bf41fa5e11b3a1383061a87

SHA1
3e8fe1d7b3ad866b06dca6c7ef1e3c50c406e153

SHA256
d88dd3bfc4a558bb943f3caa2e376da3942e48a7948763bf9a38f707c2cd0c1c

SHA512
d3320f7ac46327b7b974e74320c4d853e569061cb89ca849cd5d1706330aca629abeb4a16435c541900d839f46ff72dfde04128c450f3e1ee63c025470c19157

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-gmpopenh264\2.3.2\gmpopenh264.info

Filesize
116B

MD5
2a461e9eb87fd1955cea740a3444ee7a

SHA1
b10755914c713f5a4677494dbe8a686ed458c3c5

SHA256
4107f76ba1d9424555f4e8ea0acef69357dfff89dfa5f0ec72aa4f2d489b17bc

SHA512
34f73f7bf69d7674907f190f257516e3956f825e35a2f03d58201a5a630310b45df393f2b39669f9369d1ac990505a4b6849a0d34e8c136e1402143b6cedf2d3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\manifest.json

Filesize
372B

MD5
bf957ad58b55f64219ab3f793e374316

SHA1
a11adc9d7f2c28e04d9b35e23b7616d0527118a1

SHA256
bbab6ca07edbed72a966835c7907b3e60c7aa3d48ddea847e5076bd05f4b1eda

SHA512
79c179b56e4893fb729b225818ab4b95a50b69666ac41d17aad0b37ab0ca8cd9f0848cbc3c5d9e69e4640a8b261d7ced592eae9bcb0e0b63c05a56e7c477f44e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\gmp-widevinecdm\4.10.2710.0\widevinecdm.dll

Filesize
17.8MB

MD5
daf7ef3acccab478aaa7d6dc1c60f865

SHA1
f8246162b97ce4a945feced27b6ea114366ff2ad

SHA256
bc40c7821dcd3fea9923c6912ab1183a942c11b7690cfd79ed148ded0228777e

SHA512
5840a45cfdb12c005e117608b1e5d946e1b2e76443ed39ba940d7f56de4babeab09bee7e64b903eb82bb37624c0a0ef19e9b59fbe2ce2f0e0b1c7a6015a63f75

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
11KB

MD5
08784320ca358cac97aa1b328c6eb1a6

SHA1
2c8587978e1c381e02e3408fa1daf9cf8137b9ea

SHA256
397b3c06b4b6fe1a77daa04f570365f39717b36c10e352dca57990e16654f012

SHA512
3a49210e58716ae1befaba79c9db1c1f05cea8dc573f7f9c3e43d9eac2428e34a5bd320cebcb532d2c6acf3d14e3aa94f74fbac208023b5b2a458272e1b91718

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
10KB

MD5
42510817ad7db638679d5c94b3c8c83b

SHA1
05f321d5bc183ed663374463757e6a12aaf0c914

SHA256
a4b0147bfc4dc9a61ffd24fc8b7eefd1307b3db83336a873b98a05f790994f75

SHA512
db9cb174f03a3cb8f0e0f6207f695494803faf71e5ec636d6b6c86a8eb7d6c8216b89c09654859a153582acc8eb1b830cd61d271d3067ea7247cef7d5b64ac2c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs-1.js

Filesize
10KB

MD5
77fc689b42cdf46ce6372d719e3d452f

SHA1
8d0c59ee6c93b81e8ca6a340464b68c4b63cdacb

SHA256
c45a7ebb39322c01272b1a9f222a31a675d33dab8cbf7f10682868a2c0c840c7

SHA512
10d439a3c933a1ee88d3c1acd11a634e97571df4ba3b7e1949a40129c1217e7ce646a65fe043f18326895d603ba76c805f33d5180f484fb9892ff07191e9641a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\prefs.js

Filesize
10KB

MD5
f29f3418132dbaaeda98752647bd29cd

SHA1
997a42bac1c0cce1cf4473a3d2492984f50d7a19

SHA256
1349bfd723d9a88dd0081222ea4849423b25ea8751cccba40d49083c4f1b85c7

SHA512
0d6fd231f95d607110c0c1fe98ea03ffe3a48c3c650dc00840d586bf20274861517eb55a2216ebe4dec1f6ac7b45fc59226067983d16d478ee11ec26a0fc682c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
7fd0ebd2b627cad479f8b3ebce7da67e

SHA1
e24a60e50f71d06bb7176d641440afec7cc9865d

SHA256
b946ef31a7c326b1b2e39099a0bcddd8beb8085dec5f72d2c8eab502a64182ab

SHA512
c8f933163c122288e8f8c7197ceeaf9a570e9a217c8b025b1af5c4fa9dd3dd5b1d0525dffbff3677414b85128c88d06554532ce96d91ec97a2277719679bca6e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\sessionstore-backups\recovery.baklz4

Filesize
40KB

MD5
5e1409eeeebe33dd987495d5c5792243

SHA1
bf3d7e31ae9fbddaf00c878b8b909477585d2646

SHA256
6ffd8279de91878f8e5aad8333d15efdb1b344eef7218455baeace42f26ee332

SHA512
acc6007f791a432953da6c07fe3afbdffa32e61b4118bd551167b74bfd3ce2d5c67f83213049b9d0499e251e26d6742183a04e1c54158b18d164e44e4e1770f1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\iz0mcgq4.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
384KB

MD5
1726eabccbb40bb062002ab7d3dd21bc

SHA1
33474adfa14a18ab71c61e0c458720aac1f9504b

SHA256
78f0fccee34083643e00ea5d44acfcf922e356bd6446330109eca684d523ad22

SHA512
abd16cfa4a48e72e4b05c3650b23a4c3f51344c283d43a7add4761eff2e76d4b1bb62c9a2a9d6afdc39456711cf222a777578016da843141f8e5815f1296329a

Download Submit