hxxps://headshot[.]monster/VZNRCD

Analysis

max time kernel
67s
max time network
69s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
31/03/2023, 20:53

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://headshot.monster/VZNRCD

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\38d11a1f-08ee-4a19-aac5-b79e5762e9f7.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230331225448.pma	setup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 29 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\TabbedBrowsing	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateLowDateTime = "3207903668"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	IEXPLORE.EXE
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\MINIE	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastUpdateHighDateTime = "31024163"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateHighDateTime = "31024163"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\IESettingSync\SlowSettingTypesChanged = "2"	IEXPLORE.EXE
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\DecayDateQueue = 01000000d08c9ddf0115d1118c7a00c04fc297eb01000000c884d0db6b01394f84d012a5eedc1d2d000000000200000000001066000000010000200000005a725fa8778b9022c1a9917a954edaee3f1ae7f39acd838b1281f4e8e43365a9000000000e800000000200002000000014dd94809ca5c63331c2431946abec62eb8877b87265d61e73b9d2f062206a6a20000000d12031abb8094432197ea8acbcb4fce7f7eaebfda85a9f1c42ae148eba1c4c4340000000546aa908494d6eb3d9ee43aa5e704d719eb409566ac6a640018b83558d744806c3df5937f657d335f5f680cecf7bad514e91119f097502894930475e02f08473	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\VersionManager	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Recovery\AdminActive\{EA54012A-D016-11ED-B7D7-C2E0088FA829} = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLLowDateTime = "1251635200"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastCheckForUpdateLowDateTime = "3207903668"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\MINIE\TabBandWidth = "500"	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\VersionManager\LastTTLHighDateTime = "50"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Software\Microsoft\Internet Explorer\IESettingSync	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NTPFirstRun = "1"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\SOFTWARE\Microsoft\Internet Explorer\TabbedBrowsing\NewTabPage\LastProcessed = e037d6b82364d901	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5676	msedge.exe
5676	msedge.exe
5152	msedge.exe
5152	msedge.exe
6100	identity_helper.exe
6100	identity_helper.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4248	firefox.exe
Token: SeDebugPrivilege	4248	firefox.exe

Suspicious use of FindShellTrayWindow 9 IoCs

pid	Process
4288	iexplore.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
1556	helppane.exe
5152	msedge.exe
5152	msedge.exe
5152	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe

Suspicious use of SetWindowsHookEx 13 IoCs

pid	Process
4288	iexplore.exe
4288	iexplore.exe
4768	IEXPLORE.EXE
4768	IEXPLORE.EXE
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
4248	firefox.exe
1556	helppane.exe
1556	helppane.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4288 wrote to memory of 4768	4288	iexplore.exe	84
PID 4288 wrote to memory of 4768	4288	iexplore.exe	84
PID 4288 wrote to memory of 4768	4288	iexplore.exe	84
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 3612 wrote to memory of 4248	3612	firefox.exe	98
PID 4248 wrote to memory of 4052	4248	firefox.exe	99
PID 4248 wrote to memory of 4052	4248	firefox.exe	99
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100
PID 4248 wrote to memory of 2276	4248	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files\Internet Explorer\iexplore.exe
"C:\Program Files\Internet Explorer\iexplore.exe" https://headshot.monster/VZNRCD
1⤵
- Modifies Internet Explorer settings
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4288
- C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
  "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4288 CREDAT:17410 /prefetch:2
  2⤵
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  PID:4768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3612
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4248
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.0.536594524\1923693462" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1816 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {222f7079-237d-4631-b87c-ceb9a07d086f} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 1916 1dfaf916558 gpu
    3⤵
    PID:4052
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.1.1495184775\988067786" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96db60c5-9c37-4e93-bd59-3fb01c61305a} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 2316 1dfa1972b58 socket
    3⤵
    PID:2276
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.2.989326563\1102960214" -childID 1 -isForBrowser -prefsHandle 3240 -prefMapHandle 3236 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ae4139fc-80a7-4137-b422-f5759c81d619} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 3164 1dfa196e558 tab
    3⤵
    PID:4020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.3.7842314\506216705" -childID 2 -isForBrowser -prefsHandle 2968 -prefMapHandle 3032 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {c4b78015-cafb-40d7-a39a-755076b99c60} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 3244 1dfafe55f58 tab
    3⤵
    PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.5.773125607\493565998" -childID 4 -isForBrowser -prefsHandle 3740 -prefMapHandle 3744 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e628ce58-caf8-4f3e-8918-77921779b8ae} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 3732 1dfafe9c858 tab
    3⤵
    PID:3896
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.4.1527602247\1793270079" -childID 3 -isForBrowser -prefsHandle 3568 -prefMapHandle 3572 -prefsLen 21115 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d634523c-d7a4-43c2-b34a-71b86c03ca32} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 3428 1dfafe9fe58 tab
    3⤵
    PID:3080
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.6.510421259\627329679" -childID 5 -isForBrowser -prefsHandle 4696 -prefMapHandle 4692 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9546745-313d-4864-9a4e-c3b65cf5e373} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 4708 1dfb38a8058 tab
    3⤵
    PID:5612
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4248.7.1402943377\702170689" -childID 6 -isForBrowser -prefsHandle 5324 -prefMapHandle 5304 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1508 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef898bb1-0034-474a-88fe-c30e58493ef6} 4248 "\\.\pipe\gecko-crash-server-pipe.4248" 5336 1dfb4bdab58 tab
    3⤵
    PID:5972

C:\Windows\helppane.exe
C:\Windows\helppane.exe -Embedding
1⤵
- Suspicious use of FindShellTrayWindow
- Suspicious use of SetWindowsHookEx
PID:1556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument microsoft-edge:https://go.microsoft.com/fwlink/?LinkId=528882
  2⤵
  - Enumerates system info in registry
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  PID:5152
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa25c446f8,0x7ffa25c44708,0x7ffa25c44718
    3⤵
    PID:5248
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2156 /prefetch:2
    3⤵
    PID:5668
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5676
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2712 /prefetch:8
    3⤵
    PID:5948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3684 /prefetch:1
    3⤵
    PID:5168
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
    3⤵
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5148 /prefetch:1
    3⤵
    PID:2748
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3896 /prefetch:1
    3⤵
    PID:5660
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5244 /prefetch:1
    3⤵
    PID:4740
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3892 /prefetch:1
    3⤵
    PID:1156
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5160 /prefetch:1
    3⤵
    PID:6040
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    PID:5128
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
    3⤵
    - Drops file in Program Files directory
    PID:5364
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x2c8,0x2cc,0x2d0,0x2a4,0x2d4,0x7ff685275460,0x7ff685275470,0x7ff685275480
      4⤵
      PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5420 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:6100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5752 /prefetch:8
    3⤵
    PID:4796
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
    3⤵
    PID:4100
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2108,11386229608431012994,653594073625726158,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5836 /prefetch:1
    3⤵
    PID:3532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5968

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
471B

MD5
bdbbd793778777706223b00a4ea24ed0

SHA1
bf09527cebe8906bfe6aa1e885bc9fb1b3ec54e4

SHA256
8b1034038298faf34d3f580c1ded7212f40d146de7e62cff20826c8b53f80c36

SHA512
7397d981e28bee91dd0e08c3a38444d8524204118548e8db810f5a277cbb08c20a64350063cf36ee4a943edba249f1d0ed350d4cfbc0671461cf27c2534c1f13

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\7423F88C7F265F0DEFC08EA88C3BDE45_AA1E8580D4EBC816148CE81268683776

Filesize
434B

MD5
94acd6eceb9d06415087ccce7fcdfb52

SHA1
91e3306154b6bf6c24011c453f0343ab6ce7c90a

SHA256
987d42dd7837447d91456e97a9db157480563a889c48c16efaaf9eeed5c3894e

SHA512
568b9577d65e98eadce016498abe6a0c6ee9ba55d987b12a685f77a31a508db696db20a7e1aabaf997527f16f239a3d6d2c0a7bbb83487ed0b72b1f3afc81d6c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\35232d66-0eb2-46df-80a2-951c22125ede.tmp

Filesize
9KB

MD5
7573bf553f052f5ec6e6a57f8c3c1bea

SHA1
7769ad9b4dbb24ab97bfb3de0ec2e751f68325e0

SHA256
a30f6c1284cdcdc37f41d308d355df106b4e75ae537037a462022e084e3722f5

SHA512
c5492f473511d47d049d597ea6a57d2bd0a71866c6064952d023fa3779ca512ebd6c07625d89aba1755ebbefdc451606c2000677727455c03f941a30eda7feb9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Extension State\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
a3dac1263eff1abec4c2278357efee12

SHA1
5dd2e6c8a3a56f91c118bfeeb9e1f8f0743849dd

SHA256
c69f1d431f7d6a7e22f66384c46dce58dd6c3e9c89d976340481f67fc5e83588

SHA512
a7e5d824ac772009105609e128322a445e89fb5ce889b6ecddd72d47103afae69b1f04d3ff62a84de1ca09de0d2aad5412c35ee745ed5bdd1eb3eea710eb1ace

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
7dd61b6bca509f6c7485dc3078017c39

SHA1
7218277209f5b0f10d1c8478729d58040b6f28d8

SHA256
cc9a9aae91daf9d44a869e52a3fc363939121cec8c35fb96fec5ecd47357c25e

SHA512
e5859b40bc519a1d0e1a95a98003e3d46d5e1c0441e0088f422081f4114772c65120b06e6aefa5c650cc19989b6cb9ada7f62b1cd13cf79352258776af9dd690

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
a3ec2c5d5b2436afb94e8c2684922c44

SHA1
6db005567045aa66f1e97a6e8b6c231eb14dbc63

SHA256
f7983882ae5b0130c82e9c0fdc2889f2ff0992d53c5c84e52a1ebadd8c504799

SHA512
653aa343c1b20664cda1772e637582b0bce3cfff0872181498f87fd8415535cb4039ec7cd4c35aaf108fe9e67a301c27b9a348d0c24584028f3afc762182a267

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
68a7a5908b8079751d3812eae115cf54

SHA1
d33c7bc231660d0a70985c4cf970a51e8c7aea44

SHA256
98d1353f740cace6634477beb600f39677fcea0cd085304daefa548b805697fd

SHA512
bba1813c631844c0f7bd84064d3f8489fe154b8f3689066baf4781ec14d39dd2f76feff68e8675467e3a54dd15a546167e521eeaa320eb0e0c8f76efd6bfac5a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
7d3c7f179c9897a379c033bdd027f15e

SHA1
1de8823b761c0e99034d5081b6d9fe5170f8be35

SHA256
2251c42a7b127127957111a6fb8cae5cb262f136ae22da9a85f83b803f67c1ad

SHA512
4e1ee815295b49332e8dd3bb639b715264da77c19078dd7d5ca5114736cc86480abb1377ae96abbad79c1013f400222c11fc14a6e77c674fafc2b9149c72398c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat

Filesize
1KB

MD5
323946f06cbce1cf76138b79cd33728d

SHA1
e8c4b4ae32e2494db09d76eec476ea77387100af

SHA256
a9ad9b6c6830a14b7b128a98e87bb1f4f04a2d64e2c3e9e35c678164c9e42244

SHA512
8b2c37909014f43ff49ab4556bb7220de47214f27f71ba8cd28be8551d1cf6410eff7ced4811c616fb17a286ef1743ede9776e9763a3e242d0f64d263f534cfc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Internet Explorer\imagestore\9afmek3\imagestore.dat

Filesize
9KB

MD5
49afc729d99f37f2a4d6c3b4e8ef153b

SHA1
a19b663f8ebf98a21a29b9276e90c263894d9905

SHA256
cb0e5381c3cbd19cdb951a1c0e1dfd20959a695615f3e7985a72e3d0b8cbf7d0

SHA512
8aade37d58275e4eaa47da349b8bbdb0d879dc72c836fc077fd575e2b5c8b6dc1c82a7a3f98855f9522d87ca4e1131d4cd4db3de35588466ff4ace6e9265be7a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\favicon-196x196.59e3822720be[1].png

Filesize
7KB

MD5
59e3822720bedcc45ca5e6e6d3220ea9

SHA1
8daf0eb5833154557561c419b5e44bbc6dcc70ee

SHA256
1d58e7af9c848ae3ae30c795a16732d6ebc72d216a8e63078cf4efde4beb3805

SHA512
5bacb3be51244e724295e58314392a8111e9cab064c59f477b37b50d9b2a2ea5f4277700d493e031e60311ef0157bbd1eb2008d88ea22d880e5612cfd085da6d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\new[1].htm

Filesize
103KB

MD5
28fed7adc14dc4bd2151807a07313fbb

SHA1
9d3209e6e738887c492d6e2fb6a3cbbed01b4894

SHA256
47a655e0669054bf0a98783f462158175815a9e8c3e32defb604558d49b1d917

SHA512
3fe22ee552f07af04c39730f849d5c33e3b9ac18a16d07b52af7824f5a338f0f4222ff89e7f003dbd059024984a409059fd267b419bc160fffdf050a23f7e562

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\favicon[1].ico

Filesize
1KB

MD5
f2a495d85735b9a0ac65deb19c129985

SHA1
f2e22853e5da3e1017d5e1e319eeefe4f622e8c8

SHA256
8bb1d0fa43a17436d59dd546f6f74c76dc44735def7522c22d8031166db8911d

SHA512
6ca6a89de3fa98ca1efcf0b19b8a80420e023f38ed00f4496dc0f821cea23d24fb0992cee58c6d089f093fdefca42b60bb3a0a0b16c97b9862d75b269ae8463b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
152KB

MD5
5d84b9e5a89fb7c0c5fe1d5c7c6744fd

SHA1
58f03bbdb9db5339bf72f23ffab4aa08398c89cd

SHA256
6f32b4a513d96ab202faef082ce1a63e738f80054a2e525d31f033873b5b6b3d

SHA512
9d25853d0092ef535f9a55d2a24e1bc701d225026794d348d0196b8960353500b023e0ab31d50740039a21ebe782eb36e99c904817323ee923d88d16caa1ec21

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
ed3aa202ecf32cab36378b95ca293177

SHA1
e3336d8af258820d476d6e2c2ddd1a0a5d8a26f5

SHA256
dd53f3d0e4e01d06a8a713357ebf8ff692f2716f0b75148c5b7fdc9c0605e72b

SHA512
e235a8251027fa679be60b30b312626e3ac8d5481e07931bff20791fc5ef9e4611b31e0dda6af8d8ba43088b95126107fb20106b665b265bc770e8470314887b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
72639a54d85f76f43781ee3b143df75f

SHA1
dbba913b8c487695eff2ddc1ad4ee0e31f14ca3a

SHA256
db939f3074ccd79943ddef98cffc75c9323dbecfbca0ef958920c94049f8b724

SHA512
4018fcd9397e4d6e2b7ddfca79bf7bc6f2146d6e22bff9beddf450752ca78cece10b69ba3511b2dc8972e023e1263e80383f69a4d63080c0a3e46e6f419a70ef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
6b2cf1a823265e6a83a301c9cfe90097

SHA1
3719b1ce43b7ba69a44794c9a28230033521fca7

SHA256
b11ce75da50b34fdad8547f22af07d4ea66c6a4e4c8fd087a336a34b7ee1eef2

SHA512
55e4b6747b2454ed4ed455626ac292f1e81f59c8aaab3a759b4b1bf69631acc501fbbfbdf65d83d46bb7d98d05d5d99c9e70d11475d0baf530244862bbf9ec7c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
f9155db97ffa7b0aede883ef78346f24

SHA1
8d3caee61c7daa87a994bcdd654420c28a83eff4

SHA256
4ef165a7c9478a66dc695207483a2d798c7a1f7e379c0fd62b568445c96358f8

SHA512
4f5964cf02e7bca16edcb1eac3bd4ce393d09c76440fe860bde72d3e125b7b65c1b4efb7fc253d089a2c91c648312078341f97fbcea9369cb331f2b76120d4cb

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js

Filesize
6KB

MD5
d8af8548da94e079133c8823e8572114

SHA1
c1b97841f4f5e3d4a2e057a82a60b887e23f6e6b

SHA256
d3c080785a8a767c9b03662bb7b6bff73e6992008dde6622bf3d3670971b1b31

SHA512
a3a07217ab6803dc09d63ff98e4f62f11dfba33b2ca3e91a76b8bd36ca839de8058bb2c101b53f7773b0d940bb59b7a0019857a0f143387aaf4a7a4d3de76150

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js

Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
afd72ac55c03ee3985e7c801749938e8

SHA1
3ab11388fe9d2a3ffe3e941cf14990fd387834b5

SHA256
e4bda6313114a08ab0d009604a77ac983610aaf914273def211e378cacb92dfb

SHA512
cfc801f53ce4e58cafcc9efe3d170dbebd19e422e75ba123a5a952e7bac42b10233144f518dde5b1285f675cfdadfb2b7c25a7ce8ceeb90a34e8571d229b8461

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
df7a993290598a92dc2e0eade63a3aa5

SHA1
fe33e6dff2cae29edbe49ecbbe715f3d2c4b7bec

SHA256
1ad98fd7967e82777ed938ab1669ef3d84ae156c45f832620f85a55acff14dda

SHA512
8c9ef794dfed4a4fbde625db927f6862d554c95b7680501ffe5a49a7f2b376ee403a67cb1e37c8f3511fbf9e29a47d7be3d5e761c62522ddd1d3d9c2c1ed4107

Download Submit