hxxps://dgdsfhgdghuiuk1[.]s3[.]eu-west-3[.]amazonaws[.]com/dfshuidfhsiuhdfiushdfuk1

Analysis

max time kernel
151s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
17-03-2023 10:56

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://dgdsfhgdghuiuk1.s3.eu-west-3.amazonaws.com/dfshuidfhsiuhdfiushdfuk1

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

Processes:

setup.exe

description	ioc	process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\041da0ef-6e65-45ec-984f-497fcfd6deac.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230317115634.pma	setup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

Processes:

powershell.exemsedge.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-4238149048-355649189-894321705-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

powershell.exemsedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
1272	powershell.exe
1272	powershell.exe
4496	msedge.exe
4496	msedge.exe
3812	msedge.exe
3812	msedge.exe
4368	identity_helper.exe
4368	identity_helper.exe
5396	msedge.exe
5396	msedge.exe
5396	msedge.exe
5396	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 12 IoCs

Processes:

msedge.exe

pid	process
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

Processes:

powershell.exefirefox.exe

description pid process

Token: SeDebugPrivilege 1272 powershell.exe
Token: SeDebugPrivilege 5048 firefox.exe
Token: SeDebugPrivilege 5048 firefox.exe

description	pid	process
Token: SeDebugPrivilege	1272	powershell.exe
Token: SeDebugPrivilege	5048	firefox.exe
Token: SeDebugPrivilege	5048	firefox.exe

Suspicious use of FindShellTrayWindow 14 IoCs

Processes:

msedge.exefirefox.exe

pid	process
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe

Suspicious use of SendNotifyMessage 11 IoCs

Processes:

msedge.exefirefox.exe

pid	process
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
3812	msedge.exe
5048	firefox.exe
5048	firefox.exe
5048	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

firefox.exe

pid process

5048 firefox.exe

pid	process
5048	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 3812 wrote to memory of 1744	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 1744	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 640	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 4496	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 4496	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe
PID 3812 wrote to memory of 3624	3812	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://dgdsfhgdghuiuk1.s3.eu-west-3.amazonaws.com/dfshuidfhsiuhdfiushdfuk1
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:1272

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://dgdsfhgdghuiuk1.s3.eu-west-3.amazonaws.com/dfshuidfhsiuhdfiushdfuk1
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff90cb846f8,0x7ff90cb84708,0x7ff90cb84718
2⤵
PID:1744

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2020 /prefetch:2
2⤵
PID:640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4496

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2824 /prefetch:8
2⤵
PID:3624

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3644 /prefetch:1
2⤵
PID:2072

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3660 /prefetch:1
2⤵
PID:824

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5332 /prefetch:1
2⤵
PID:4320

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4024 /prefetch:1
2⤵
PID:3060

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5452 /prefetch:1
2⤵
PID:1152

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
2⤵
PID:4792

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
2⤵
- Drops file in Program Files directory
PID:652

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x7ff708255460,0x7ff708255470,0x7ff708255480
3⤵
PID:4912

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6040 /prefetch:8
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:4368

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6068 /prefetch:1
2⤵
PID:2928

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3664 /prefetch:1
2⤵
PID:3100

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:1
2⤵
PID:1992

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6084 /prefetch:1
2⤵
PID:1312

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2848 /prefetch:1
2⤵
PID:880

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5336 /prefetch:1
2⤵
PID:724

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2140 /prefetch:1
2⤵
PID:3340

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2004,8241613036307683572,15740438035353431868,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2816 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5396

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1036

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:3912

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:5048

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.0.194745746\858284902" -parentBuildID 20221007134813 -prefsHandle 1852 -prefMapHandle 1844 -prefsLen 20812 -prefMapSize 232645 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5977c893-1a0b-44f9-ade0-f230ca9e87ea} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 1932 2215e5f5e58 gpu
3⤵
PID:1608

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.1.1107537311\471930480" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20848 -prefMapSize 232645 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {233839fb-6362-4f21-89e8-94607ecd8984} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 2332 22151672e58 socket
3⤵
PID:3220

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.2.1497418474\817400286" -childID 1 -isForBrowser -prefsHandle 2832 -prefMapHandle 2760 -prefsLen 20931 -prefMapSize 232645 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8c36eae9-7f0d-4fed-85d6-b43c90a5f3f9} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 1508 2215e56a758 tab
3⤵
PID:5004

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.3.295225825\1149252679" -childID 2 -isForBrowser -prefsHandle 3500 -prefMapHandle 3496 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {44888c19-68d7-42b6-b848-e1114def938d} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 3528 22151671658 tab
3⤵
PID:4688

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.4.1687129326\2032233803" -childID 3 -isForBrowser -prefsHandle 3764 -prefMapHandle 3760 -prefsLen 26441 -prefMapSize 232645 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f2cb94c-3118-4209-92dd-0062310bcd56} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 3776 221627e5958 tab
3⤵
PID:5136

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.6.1319566036\993469883" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4d57118-dc98-46c6-ba2c-7fb9668b4f46} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 5096 22164a0df58 tab
3⤵
PID:5880

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.7.1027022746\2131829469" -childID 6 -isForBrowser -prefsHandle 5304 -prefMapHandle 5308 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2f83602b-df23-4553-aa6c-b2721a9bc407} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 5188 22165030e58 tab
3⤵
PID:5892

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5048.5.1877228477\1579470315" -childID 4 -isForBrowser -prefsHandle 5008 -prefMapHandle 4992 -prefsLen 26500 -prefMapSize 232645 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31b326b2-ed06-46fb-ab82-44eb113a86ed} 5048 "\\.\pipe\gecko-crash-server-pipe.5048" 5012 22164a0d358 tab
3⤵
PID:5872

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\4d00ba14-60af-4add-90bb-6237948c51df.tmp

Filesize
13KB

MD5
da821776e359c32131c08c3bf52f9fe1

SHA1
a14ce3a7a1e90cd9f494becf7888415309ac2951

SHA256
3036bc11413e51cff94eb932f4b41af610ef385711f3e04fbe76e44414a8d9e6

SHA512
04cd5bd9c35b8f3b4608fcbea538477cee50ef4a4caa62bf210faa5ea8c897aedabc4ddae2fcd1f18089948481e0fb3c9cf6961ce388925bcd1ddfb2583a3381

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b8c9383861d9295966a7f745d7b76a13

SHA1
d77273648971ec19128c344f78a8ffeb8a246645

SHA256
b75207c223dfc38fbb3dbf03107043a7dce74129d88053c9316350c97ac26d2e

SHA512
094e6978e09a6e762022e8ff57935a26b3171a0627639ca91a373bddd06092241d695b9f3b609ba60bc28e78a5c78cf0f072d79cd5769f1b9f6d873169f0df14

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
216B

MD5
598378ad69eb4562530f43ac6d2405be

SHA1
ba02dc6079d5df193c944d371299da64d1e1cf54

SHA256
4f80d984eb4ca001d9c88b575c096581503c5be2325c12ecbd7967c4b6dc8046

SHA512
fffb0c4d19a7511907f482433546bc76c8cbb512cc4e87e63cf0f34456b0b701f03fa75917571b6ac94818fec448ffed973e7d14cf13212fd23e125590f422be

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index~RFe571e46.TMP

Filesize
48B

MD5
2cc17ff7279520baca70002317a191d0

SHA1
0f97fc50d5c180c8ca1aecc0aee7f151616c3186

SHA256
0d530a73067f7493d3797fce2173a641bc870cbebafb65cb4028ed50234f2457

SHA512
bbb0d96d9a560c648f8b5ce0e9d888635db63702816cc7ee5fbdc87836a6c8fef9e34e30d5b778604fec314d5f16a833955d5f22f38cf6506222af8ba76e2b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
08c11f9680d0fb3726cc402eb1ed5df6

SHA1
a90c44d410bbca488a5deeea4873a30298f7bf80

SHA256
6ad6ed4a7a35e0238408424da273a75636ef81c068fea3b5f4fd37e71076a3ae

SHA512
1df42b87b5f7c1e8c9da6512ea9e7571b14c1b85955cfb3012a6cd6a8907b4ac5e64399dc10d3317a53954c809623bb83530b9c8d503ea5afbc3012a321196aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
866f2c4e5fa1a07762e2ecd1b7dff97d

SHA1
61dfd9b4eeedd1f84a340e5ec226720549301620

SHA256
48df9456fe68d944b494c9e45e06c1d07504b2b0f48f0747d0bf69a2f232898d

SHA512
1013b577f44673d264b328afba08373e324b9bce7cbf01ace781322d26120324ae39a6fdc11d2d6313c77b9c963777935bbb8f03a5e4b24437c8f2cbe29fb85a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
b1e85f8301e275ed17e27a76d93f2004

SHA1
54d35aeaa297aad9f623b35fa59733a4c09aac64

SHA256
e156409757e0e0472956c545b4c81e6bbe1d5be1a024bac9cea5363bf4ba6622

SHA512
8df0ac6d7bc3024a4630279a86047db3f512474482b3f20d547b5658cdd504288d4f44408c4593d1c4709e37bd1d25a44b5071f6250b372ef9fdd0f5e72ae694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
54fe104fabe680e992201c120d9010ce

SHA1
8951c829700ae71dab7150ea9cf7392b5bef77fb

SHA256
16b691ff6a4b3513761b6b3423bd0c9eb3d87a222e3c8caf02c4167ace19f1e9

SHA512
cf6196831bad406432884ba38b379f4b59614d2a2f82e7870990818ed48973181cf9995c7be88b415db09c416ccba130fdb53fa0b83ef267028304599c50d78a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3a3b1fc945ac55f60cf8996401380c46

SHA1
6a881dcd4cdfc2a22af9957e4e774d2aad8a89bb

SHA256
848384aafb6113e5c1d65c2da2d3a9b155c7635e19eb43baa63ac137d84329eb

SHA512
384389752de1057e9d4056d459f73f4f701d40d915f95a4ed0aa9170782847aea4698b3bb61061997cf288b95ba1ceb6b51f1bd9a2fa999677347ca2cbe03006

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
b878370ac712eca2459134b89f4c3008

SHA1
8e65d9182952a0781fd9847bcfe0bdcd749255d8

SHA256
528c3bf3de2bcd989be0e75a2b470eecced530444c4cef6ac3b791a46ac6af59

SHA512
7a78f245db45bf856e9e8fec23d530a0be2b9b1dd0041f90b20eda39c8e5b07654154019ff099593c9ad71a8114f57495473b26cdd667762ef1ece0fbcf27434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
de0fc3515f7930670dfa805a2a9a8eba

SHA1
5885a44a1b7469c30cbb635d2892f2ad555b3fb7

SHA256
0a19f77cddb4221adef7d670b8f29727f7194d6c3e27f60e137b9965bd1bfe99

SHA512
ce53c106ec4cfcc052fb425f11cecc725312afb47900bce0d7cb474bb40218c70b33bbf55380467c8fed592ac84b1454681976998cbdb9ed119a62e798d1e8f8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
60b345592703258c513cb5fc34a2f835

SHA1
39991bd7ea37e2fc394be3b253ef96ce04088a6d

SHA256
7e358b4f7553c9385e8eb2c5692d426bc257bbd4c0213e6c69294459734f6300

SHA512
0346fb4096eb285ab0fdf7e7ec38c4daf7bbb0c506f09975eb2290121d169a34c886fca342c3e06371cb697f2753a697ca4f72af7817ed340eee6063897110a5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
120B

MD5
5e749696e349dc5122e374c4c8a882a7

SHA1
94983131ef9de516968a8a84551c11ba35b0c150

SHA256
433687e6e27ebdaa3c35c3d577f131241b1e4e1a94bf0245a96fdaad6f4ac9ae

SHA512
009b2cb146711cbbdf2a659bbcc3b3fd9d5c7e69796a11926df329e7cade56cf0c00005c5c88014445b2a28b481179afda10f504731d9cac8495458738db7273

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe571f7e.TMP

Filesize
48B

MD5
51ce14d0feb3aa5d7f913969320a2fae

SHA1
23797a3970d7b1b3edc477b8a5ba1102d53ffb1a

SHA256
01e9ed8c028a5410c2458aea056d6ccb01b63b3d88a5ea623535679b1ed8ce67

SHA512
6a3f6c07304c757cb8a2ad1224d02870d46424d8a83430c180af88b40dbd60e923964f380664df94b43418ddb1588f3ad5d570a97c70e33e047e2fa3754dc46a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
8df7bf9dc9cdd1d951120a139b8254de

SHA1
668c8394dba12d6bfbc83a37befbf3f7bd9b6e60

SHA256
03b20d816b6cba79f547c9959a635ab6e1a16c44a8982a0a28f7db97ba71b7d2

SHA512
0843b151b061a4d7a3981487dc2eff4ec14750751e91807f15d9a63ec16b88500fae748b14732417930713d769af20c4fb1ff31f206b73e228cafe595c026cc1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
02ea2ffd333925ba7f9a71d3722a42fa

SHA1
51d10836c10d3327989574c0340471b9657884ee

SHA256
e93863701b165937787d002bb4a22bb52b734368333dc7e06cd26eced47d3fad

SHA512
56826a434fc2125f6f8d52ce83923fc1a108cc3bfa84303299cac3331e4ce4a3464e0bbc9d9fa9b0c99fbc2afffdb1783afa50a48b9454a95127b61d712a3a00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
f866d2a7710e54e356f2b602baba0628

SHA1
feb487ee7feb3bba1864347b47651abb755a0217

SHA256
4f6e65ecfb1160ed83bd7207d3b7c31ca5dba52f8da15df7291b1dafd47362d9

SHA512
c8e85f399b2bf05c850f60ef79d21248ad3d33a06385075bbddaea455e868c45ab272369623ae30713d2d12eb56948ce38a6c491f0270614f0ac480ec4531749

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\activity-stream.discovery_stream.json.tmp

Filesize
148KB

MD5
cca3e69e9ecac2d7425b66820127edce

SHA1
3faf7ed65e97c6df5a68cda749b1ba23a688b3cc

SHA256
2394b285fe25d89814dbb8e51259e31a941388bf8f7ea0ee86f760d8c43e8b0b

SHA512
824693ead5c933bb0b48d074fadaebaaac59eaf9589a296aa372c4cd25bbad0ffce7f42dbbfce12c98d62edadec7a0863a7145347474e82a753e7bb241b72faa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\184C843EA0B8CD10730CA2564A233632E40FEF45

Filesize
14KB

MD5
64335be5bdd8fb10a5ef7cb71bfd74e2

SHA1
56d26420e1e6c1fc7d1a750c643ff80bc69a1810

SHA256
fe8c0282eca3cf21041ccce5d7b8cf1fb37a13cb21bea0dc8a563fa9abbe8909

SHA512
87b79d1c1fcec441955e7396398404b3030ac45a3f3586376a9cc8557b1331168c73c10c184734446bf2b3d25654d0ee0f657e899ab512ffc112bb615269dab4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\jesyn8dv.default-release\cache2\entries\D5594A2648EECD01993B5C42919BA64ADBF56052

Filesize
14KB

MD5
4f4b36f4ea7015113b5361aa581164be

SHA1
b17420a953da219a807580ab238413a114c27622

SHA256
1d749c9adbb80047222168ba1a1194bf31f75430ebaaef381783d31b9e155192

SHA512
e9b64d060fa0c7ceeee757bc968ab2251611f3561f89cac44574154943cf20ad606ac690464250db91e4a2446ddcd0cdc867e7d0e38c003d6127a99e3804583d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_yjvvhqgx.ksd.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
08c11f9680d0fb3726cc402eb1ed5df6

SHA1
a90c44d410bbca488a5deeea4873a30298f7bf80

SHA256
6ad6ed4a7a35e0238408424da273a75636ef81c068fea3b5f4fd37e71076a3ae

SHA512
1df42b87b5f7c1e8c9da6512ea9e7571b14c1b85955cfb3012a6cd6a8907b4ac5e64399dc10d3317a53954c809623bb83530b9c8d503ea5afbc3012a321196aa

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
0f909f376354fe71298af6c58ec9a142

SHA1
0094092dd6a212269e625c25eab7bcbdc2e9598d

SHA256
d18fe673fc9e284733e36a8d4da89e5a08ceba6f0d0a998f14bf56dd5b92bf7a

SHA512
f6de4bdf6ca28d9b3360ba072fcd2ba7079077b7ce7843b6e7757976050b53cbe2949202c04b5d166674dc79c22f32ff51d983781539d8ef9ac27e4ab1e8f470

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
f5cf8f40746cb1c01800003029830f10

SHA1
40c8d9edc5eb920a17733462636ddfd209e97ce3

SHA256
a9cb12631a78f7e66cf0bcfa9b942c914007d0cc09bc21eb5a55cf0e6cbee254

SHA512
5efdaa4c9c0683ca76eee95aab75087b0ebcbb24c3cbe089c3722963f3b1a5ba45da05de25c07961d323472330aa8c954517a28d40ab9c68c906e69c6c575cc2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
1cb1f9f47bb40c975a9174826ae764f7

SHA1
b5a61c5bad2d1d35a271ae3935ec88ea595198f1

SHA256
e66ac5fe7f2586581c81ec7ab38a8883672d114910ebb55f02e76cc5d0d5ddd2

SHA512
1dcb12cd42e14b22afe93e4083071716b33c521c947687b100cffc7f5566fc7138bf19ca1142aeff1c20f9eec44b7999040b9a8045e0fbaabe0b5ef06be5df48

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
6KB

MD5
73158cc7ee400e7b1119f0ebf5495c32

SHA1
f6934223df3fea9991ebab1d578ccc15255b4278

SHA256
87f1a0ec6b56d6674d1d40b5b186b29040de9874c9ac8cb8fffbdd549cd0f3d5

SHA512
15a4653a3a90d04713a610a8f09ac45b0ea3edda5a4ff58672aa5ef1262d72140b3ccc1213f8e0e69a9159aef507bcabd9360f5876b7a3ca9626b30fce9de918

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
7KB

MD5
432503b91ac467078989813d99f1df9f

SHA1
6de40ae3932a734e81be2f3bdb0256a370121038

SHA256
5e66bcb344d245c059a1834d1ce6f7d71ae4b62ec9ea3c8726434b4f8c2c3f6d

SHA512
40d4b195c146e35ffcee2135710ebd0a05528937f419d1f675eafbae4ebc5dea7ceb2b76d86b9afd43536d29776935323f8256829c096320eb31d8b23cedd0c2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs-1.js

Filesize
9KB

MD5
ff08903fb6131fd15a6d8702dd8e5ba8

SHA1
43e79e4e62547c5f7b10b16daa6750619b7d64a1

SHA256
4fa1b8ec058ad3374020473b048850b511a9f202334f4537354996d36d20f750

SHA512
eca2ae835ff328e210f2f9123b86943fe389a60a4f8a908b719a6a335236df5c922a943dbba166d284524a037aee65935451daa35ba02dbe87a45e8a595f0795

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\prefs.js

Filesize
6KB

MD5
9971fa8fa89a208685d3e30835832fb5

SHA1
5d9972a3bdbd4c18b3648597d2fd9f9fd6e30300

SHA256
13417a67a65fecc73ad5acc94d17d8a6fac3b0a343daf12d1cd2d126b9198084

SHA512
02b107e0d9449fa2d4d3655a880fbdeea4477205fa6c21aaf641c3d358353aa437cf040ec842107f973253bef767e48b9a0267dea5ed2d331aa192ef540e3b1f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\jesyn8dv.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
5eb9dd2a760943ddf41a9775e93b9c53

SHA1
26a83b76429aa0005d84da767801cca521a25bde

SHA256
339f2a8501820223b1d4ba575eeab5a2275fa5078eecf6f7b13de9c577d60104

SHA512
6b001ab97abdf1cc8751be6094101675e4f02348f726c40e5561e0ba0225316cd2eff05e463970064ac8465308172de611e29616893ba5d5ae84c539446cc548

Download Submit
\??\pipe\LOCAL\crashpad_3812_RCPQHLORHQHONPGR

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/1272-133-0x00000215AB4C0000-0x00000215AB4E2000-memory.dmp

Filesize
136KB

Download
memory/1272-144-0x00000215AB4F0000-0x00000215AB500000-memory.dmp

Filesize
64KB

Download
memory/1272-143-0x00000215AB4F0000-0x00000215AB500000-memory.dmp

Filesize
64KB

Download
memory/1272-145-0x00000215AB4F0000-0x00000215AB500000-memory.dmp

Filesize
64KB

Download