3ed7846a7c6517e3cdd5f964d9092bf4cd12aa949e017557809b1c0919c2746b

Resubmissions

26-05-2023 11:26

230526-njwrjafb85 6

26-05-2023 11:05

230526-m61tbsff4y 9

Analysis

max time kernel
150s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
26-05-2023 11:26

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Electron.zip
Size

4.0MB
MD5

97076579ad60bab9d10873ce2919a6cc
SHA1

d6c75777c0d5fc972f706b67ca9a67b6c9c1edc0
SHA256

3ed7846a7c6517e3cdd5f964d9092bf4cd12aa949e017557809b1c0919c2746b
SHA512

8a69b425b0c90446a675a6e56ce815975a50083d25623e053b769ed922b967528c375d8f247c74eb9c6181d2eb16cb465dbc21887f6044deec313bbc5b477a0d
SSDEEP

98304:fCAG9ljur60nkCXKNLzXhjpsB1uo8rsVF2ImbxXd2Be2WyL:fCXjuO0nkTC4o6RZ2Z

Score

6^/10

Malware Config

Signatures

Drops desktop.ini file(s) 1 IoCs

Processes:

LogonUI.exe

description ioc process

File opened for modification C:\$RECYCLE.BIN\S-1-5-18\desktop.ini LogonUI.exe

description	ioc	process
File opened for modification	C:\$RECYCLE.BIN\S-1-5-18\desktop.ini	LogonUI.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe

Modifies data under HKEY_USERS 52 IoCs

Processes:

LogonUI.exe

description	ioc	process
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\LANGUAGE	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowShiftLock = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\KeyboardLayout = "67699721"	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "173"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language\00000000 = "00000409"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Substitutes	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\TelemetrySalt = "3"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{af0fc727-0000-0000-0000-d01200000000}\MaxCapacity = "15140"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\CachedLanguageName = "@Winlangdb.dll,-1121"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\TIP	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{40DD6E20-7C17-11CE-A804-00AA003CA9F6} {000214FC-0000-0000-C000-000000000046} 0xFFFF = 0100000000000000c0db67fad58fd901	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\Profile = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{af0fc727-0000-0000-0000-d01200000000}\NukeOnDelete = "0"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\BitBucket\Volume\{af0fc727-0000-0000-0000-d01200000000}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\HiddenDummyLayouts	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\SOFTWARE\MICROSOFT\CTF\SORTORDER\ASSEMBLYITEM\0X00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}\00000000\CLSID = "{00000000-0000-0000-0000-000000000000}"	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Keyboard Layout\Preload\1 = "00000409"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\Languages = 65006e002d005500530000000000	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409\{34745C63-B2F0-4784-8B67-5E12C8701A31}	LogonUI.exe
Key deleted	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\AssemblyItem\0x00000409	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\en-US\0409:00000409 = "1"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\1e\52C64B7E\@%SystemRoot%\system32\shell32.dll,-50176 = "File Operation"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\CTF\SortOrder\Language	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Control Panel\International\User Profile\ShowCasing = "1"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

msedge.exefirefox.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

Processes:

msedge.exemsedge.exemsedge.exe

pid process

5068 msedge.exe
5068 msedge.exe
3412 msedge.exe
3412 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
868 msedge.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 2 IoCs

Processes:

msedge.exe

pid process

3412 msedge.exe
3412 msedge.exe

pid	process
5068	msedge.exe
5068	msedge.exe
3412	msedge.exe
3412	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe
868	msedge.exe

pid	process
3412	msedge.exe
3412	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

Processes:

firefox.exeLogonUI.exe

description	pid	process
Token: SeDebugPrivilege	3348	firefox.exe
Token: SeDebugPrivilege	3348	firefox.exe
Token: SeShutdownPrivilege	5392	LogonUI.exe
Token: SeCreatePagefilePrivilege	5392	LogonUI.exe
Token: SeDebugPrivilege	3348	firefox.exe
Token: SeDebugPrivilege	3348	firefox.exe
Token: SeDebugPrivilege	3348	firefox.exe

Suspicious use of FindShellTrayWindow 6 IoCs

Processes:

msedge.exefirefox.exe

pid process

3412 msedge.exe
3412 msedge.exe
3348 firefox.exe
3348 firefox.exe
3348 firefox.exe
3348 firefox.exe
Suspicious use of SendNotifyMessage 3 IoCs

Processes:

firefox.exe

pid process

3348 firefox.exe
3348 firefox.exe
3348 firefox.exe
Suspicious use of SetWindowsHookEx 2 IoCs

Processes:

firefox.exeLogonUI.exe

pid process

3348 firefox.exe
5392 LogonUI.exe

pid	process
3412	msedge.exe
3412	msedge.exe
3348	firefox.exe
3348	firefox.exe
3348	firefox.exe
3348	firefox.exe

pid	process
3348	firefox.exe
3348	firefox.exe
3348	firefox.exe

pid	process
3348	firefox.exe
5392	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exefirefox.exe

description	pid	process	target process
PID 3412 wrote to memory of 5104	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 5104	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 4972	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 5068	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 5068	3412	msedge.exe	msedge.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 4240 wrote to memory of 3348	4240	firefox.exe	firefox.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe
PID 3412 wrote to memory of 3648	3412	msedge.exe	msedge.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\Explorer.exe
C:\Windows\Explorer.exe /idlist,,C:\Users\Admin\AppData\Local\Temp\Electron.zip
1⤵
PID:4460

C:\Windows\System32\WScript.exe
"C:\Windows\System32\WScript.exe" "C:\Users\Admin\Desktop\SuspendAdd.vbe"
1⤵
PID:1776

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\FormatGet.html
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:3412

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ffee88246f8,0x7ffee8824708,0x7ffee8824718
2⤵
PID:5104

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12301353000189620921,17268693831504584882,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
2⤵
PID:4972

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2112,12301353000189620921,17268693831504584882,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5068

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2112,12301353000189620921,17268693831504584882,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2732 /prefetch:8
2⤵
PID:3648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12301353000189620921,17268693831504584882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
2⤵
PID:2676

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2112,12301353000189620921,17268693831504584882,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3392 /prefetch:1
2⤵
PID:2372

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2112,12301353000189620921,17268693831504584882,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5144 /prefetch:2
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4240

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3348

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.0.145098473\805911488" -parentBuildID 20221007134813 -prefsHandle 1844 -prefMapHandle 1808 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebdc432a-7801-4f9a-bdd2-bca9dd7ee636} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 1940 19a52d18958 gpu
3⤵
PID:4248

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.1.1978490035\664758404" -parentBuildID 20221007134813 -prefsHandle 2320 -prefMapHandle 2316 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a59bb981-e39f-4953-917b-04ab558dd07c} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 2332 19a44d72858 socket
3⤵
PID:4592

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.2.11094934\2112733639" -childID 1 -isForBrowser -prefsHandle 2720 -prefMapHandle 2944 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b6a43144-bd1d-4455-abf3-37aeeeca8eca} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 3148 19a55a08f58 tab
3⤵
PID:2700

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.3.328306480\1688593245" -childID 2 -isForBrowser -prefsHandle 3624 -prefMapHandle 3620 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {13ee1dc3-2643-4ed6-88a4-6922349b23c1} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 3636 19a5605c358 tab
3⤵
PID:4388

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.4.655532962\819030342" -childID 3 -isForBrowser -prefsHandle 4036 -prefMapHandle 4032 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bd731843-a748-4654-bd6e-bb2448f41e15} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 4048 19a56928658 tab
3⤵
PID:2740

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.7.1113673969\737495164" -childID 6 -isForBrowser -prefsHandle 5324 -prefMapHandle 5328 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {147e9532-e54a-4f45-928d-89e609da0f42} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 5316 19a58106958 tab
3⤵
PID:1916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.6.117936414\1400180473" -childID 5 -isForBrowser -prefsHandle 5132 -prefMapHandle 5136 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {84a83947-7995-4af2-aa9a-64b1dcff4e32} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 5124 19a58106658 tab
3⤵
PID:4868

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3348.5.671349588\782250256" -childID 4 -isForBrowser -prefsHandle 4720 -prefMapHandle 4764 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1476 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d41cc062-fb2e-4feb-85d5-4b08bff79d19} 3348 "\\.\pipe\gecko-crash-server-pipe.3348" 4772 19a56929558 tab
3⤵
PID:4376

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1700

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x0 /state0:0xa39f1055 /state1:0x41c64e6d
1⤵
- Drops desktop.ini file(s)
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:5392

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\Windows\SystemData\S-1-5-21-1013461898-3711306144-4198452673-1000\ReadOnly\LockScreen_O\LockScreen___1280_0720_notdimmed.jpg
Filesize
189KB

MD5
3f9265af91d08dbeef3496255f6ad705

SHA1
5214281468115b5304f4677daff02327998d57ee

SHA256
7c2966e26db35b80a14698b3ddeb50c72946f227cfd941223de8249d68096077

SHA512
b79652634d3668041ca0fcf6ddb889b1e57e21926b72d6dc5f77f8c69eb4fb502c3b3b3931bde65bda42caa7c79fc2551607a8f24dfb35c42f0fe9f2c796762a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
aaeb1f5e097ab38083674077b84b8ed6

SHA1
7d9191cb2277c30f1147c9d29d75fc8e6aa0a4f2

SHA256
1654b27bfaeee49bfe56e0c4c0303418f4887f3ea1933f03cafce10352321aef

SHA512
130f1b62134626959f69b13e33c42c3182e343d7f0a5b6291f7bb0c2f64b60885f5e6331e1866a4944e9b7b2e49fe798e073316fde23927ede2c348ba0e56eda

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
Filesize
152B

MD5
1db53baf44edd6b1bc2b7576e2f01e12

SHA1
e35739fa87978775dcb3d8df5c8d2063631fa8df

SHA256
0d73ba3eea4c552ce3ffa767e4cd5fff4e459e543756987ab5d55f1e6d963f48

SHA512
84f544858803ac14bac962d2df1dbc7ed6e1134ecf16d242d7ee7316648b56b5bc095241363837bf0bf0afd16ca7deebe7afb7d40057604acbf09821fd5a9912

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico
Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk
Filesize
2KB

MD5
492be85daf602e66c6fe637497c92026

SHA1
aa2e3b2a9f545f4035e9732c44f8114f1938072c

SHA256
7c5af1b26f2999ce78022de6aa80feba36d54f98e821bbb610c75fbb91eea587

SHA512
6d6db0bc70a872bed17d53d771fd77ebd6caa5c4518724e7ab9d1a94afbf2c1abfbb154d5dfe1ae76d1c426813f13024d23419e77c075c710e2a0cd5abe5df17

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
7c4cc2486b3e9eae424c9d7502ba0efc

SHA1
01ff16bd1cdc454417384c144ae0eece9bec4c8e

SHA256
fdf605d3d7eaecd2937eb6996d8f8274ccb9d43f85b50e713b24afad1fb161c7

SHA512
b1bfd11228a46ca4e740907a0b50bd828b87040802f7d9ee2ae3b40d5a5591afd4419b130d37bf4b85381b6e1db669c0a5946c184d7ba679fc2e3cf45780fb3e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
4KB

MD5
293e19847691c5c6d8b66f8b4f62efa6

SHA1
1dd60427392cb2d14d1317fa827f08e0c7b5052a

SHA256
b358ac93dab5bc1b0412dd6d3080e4663ddd0e003b763df08b41850c5d2ea51a

SHA512
9cccdb95967140eddac880e555ff3b188b52ec007840f74985fcfdaa7652bfd2f4bd417f9f0c6f1fe6c41398aefc1709055e0989214d59cce769388afa8d2c55

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
Filesize
5KB

MD5
b3da2b155dbbe0bbca6f8e42a89bb0cf

SHA1
8fbc5e872656b743fbfcd302ef24f90624fc873f

SHA256
94d3f20e893d7333825c0afd6b7f2a10a67f7cdde401bc9d118080cb78487eab

SHA512
80997a48df59d9915b4ed0b7737a9401552d9db27dfd23f4ad21e2ae7cec6450b1f212c3c6e4642fedc776374c22bdb2b1da02725f7331d32da3b0d330dff13a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
47e94a96372e6f095b8a3fd7edc48ec0

SHA1
377b68f34e5964ca8be1b1b0c1507dd7f0e5f005

SHA256
15c77bafd922bd085317fd544d0fa129e3b8c814e3ba0d48936366004427732e

SHA512
5bd63de2e831805b723d7ddf1343c3b721ef5b757d9ab01bf8554ef8e29ac2cc09fa104fc85d530f27d66b67280774b3ebbef6729ea3ab61ce8028ab4ba5bdad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences
Filesize
24KB

MD5
3d874cbf2372e29aa7bde5be5e1db4b3

SHA1
a9214d4e1ddfd7f4cbe8fc61f838f9f2a2f2f26f

SHA256
84c9c0c31f068bcdc2258102ef25547073b785cfedc7345f510de21dd6096000

SHA512
8f90c381382b2a95c3ba3fe941429cc70094c92e78668a54ac88ed3e030c14ee7c3ba8ee7f450533456fd1933663b4c300f265da972fc0493aa409cc17b9fe10

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001
Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\metadata\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
12KB

MD5
efd5cdd8e3d06d3a5c64ceb137992771

SHA1
10753cda8f364d29db6b3ca897c5215d430886ce

SHA256
373a3f742db1325cd23f6b0975ccd1ac24a0dfc4d1838c366c2b97948f2d6c47

SHA512
6e3c51ecfa0cccf87fd863743922006951058760a57c45174936413f0d624c43d91d70ce7f4586fc666f7ac869fae76cd63398be533e893b4114f21372dc7566

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
Filesize
9KB

MD5
3a140c2b07370c1bf45098c7dc9cc539

SHA1
93c23781c60080773b465962406bb4706a987453

SHA256
d21194c1ace7be1e858e17aa3f8ad116bf861b49a4d4f712896abe24b7463c1e

SHA512
8d6ad7973d6f61b9b2da16ea1c0aa4828599f8d5b08ecdf5b63b98f06f3afd54f4bd8c9b700f9c31e5904ccd7f2200b5d9d89f17d7f6eb7a9188bdacd232f792

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\activity-stream.discovery_stream.json.tmp
Filesize
140KB

MD5
0c08fd08c0fca38aa4eb6e119b9c9eaf

SHA1
2a383aec9ddf36775f350df9f4cb046d2f501ad1

SHA256
343d892dfa873240dee8b88daca3f7881f6fc49a2251ad8d572a4feacfbb3264

SHA512
e95b1d46a8ecfa299c0a76306b7fa8e170e397b9f538ac5aa3c20f667096d5d5aaba252a84b1925456c4088b1375a74eb0b46be499af6867dd3eaed98a919214

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\6exu9k4v.default-release\cache2\entries\917E41E135032D6BD66E5D6F84F0988D37234A33
Filesize
14KB

MD5
cc8ece6f04c1dc800fee0e88b85214df

SHA1
bf1dc3b3b3830bdc6c93dae472adcea993968a34

SHA256
0d2aec2aa2711ab9394ddbad7ac887544996bdfff853aa283a1f987c3ca765e8

SHA512
d8c465887ed079e6bd1f0f131a3ebd0c03bbff2df3cc583026ca5f5f24e92de3438325e2a4b725322f414ef0d400f6d919994f238ee9079f168a77a319fc296e

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon
Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk
Filesize
2KB

MD5
492be85daf602e66c6fe637497c92026

SHA1
aa2e3b2a9f545f4035e9732c44f8114f1938072c

SHA256
7c5af1b26f2999ce78022de6aa80feba36d54f98e821bbb610c75fbb91eea587

SHA512
6d6db0bc70a872bed17d53d771fd77ebd6caa5c4518724e7ab9d1a94afbf2c1abfbb154d5dfe1ae76d1c426813f13024d23419e77c075c710e2a0cd5abe5df17

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
74614e10b58d7d3f157c8a11848cad0a

SHA1
2bae041606b88e7f64914aec7b08e2fc731a3c5f

SHA256
bf2986efdd411bfe663357324cd2ab847328cce11ba23d3ccfc52e0d2d327c68

SHA512
09c7f343ba54f521b8c6ba3764ca7ec016c72d78ccf230e31280c094b91c7ed5af6c5104f3b8686a698471b639431939eccec3c76a1fb1b133de6991f25909af

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
c3a4f107d0a3d5d6d5233d6c8b078c77

SHA1
5fa845491ae44273b64ec80b37d5e7435021237f

SHA256
b84f70b8f974dd2335b3637bc04bd9faba6a5308f2eb2b01a651b6127fa7c81a

SHA512
ac4bd5c74ed8b436f7901a6312ac056bccb3ee59f17b688fbb1e215612f6453a3a49a02fe2765b05c8980b4323c5b3e794d786baf9d9720d3e14dab6d54a230b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
6KB

MD5
8af9eabe983a2a3911a55b71a9230b62

SHA1
fe9f2dbf839de398130bbefa834deaa9afdfb95d

SHA256
44c39e95f1558f8e52a6d305a91a0029dacd23c13c2e4964d4268dec2720ed5e

SHA512
f9154fe6a41ba4a574187db6831732625fa4b2a655cfcab4b78bcac261ba87351eddf5ad2179753b18e5cd49013dc1004eb432da255cef456bd8bf6d531ad3a9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
8KB

MD5
ae0e207d383c4e6ebc6fd1d2d479bfec

SHA1
1ee50aa2205bb0726f70cf26c9248e2408100cc1

SHA256
56e2e4dacb0863156e33e307140bb1c2529351fc0cdaf713397218141519b30e

SHA512
04335b221f6fe1b34ef0dfba813ef792afc94f20ad772f72c6582afe324f361348048e25bcee832cf3c4b1b9c271ff5d20db52608c71ab4f1855f917295d71e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs-1.js
Filesize
10KB

MD5
e2ae1573913c6d2b1e9643748c0fb017

SHA1
2bcc273149e29350758ac30d6de4dd3db3d0a2ba

SHA256
1067064f8e8b06709f7902ba43f480e149debcadfb7dd0406b9ee508c2a1c373

SHA512
4bd80ffd10b2e926211a12c654a7b17ff4216658c2fa314a2b342fdaf785d2a458efeee9d247dbf485f0f48d7b87f84bf7db4c620ad03dc1d953904154e1a4c4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\prefs.js
Filesize
6KB

MD5
108b97b1ff7efbdb1aecce96d55ff2e5

SHA1
bb72b2e0c3d859fe5e821632307a32df331b55e1

SHA256
c5e19d4313b524fffc4859f4fac05ea3dcf408714a736dbd0bb7fcdf5131f80e

SHA512
e0f7678424e68957a1cb521786e9e4e54c179f9a263b04d0c6a96147cb1e242b58bda3e74e6f142dcd9b6dd313a0061c3050af334b149eab9a8040f923da84dc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\6exu9k4v.default-release\sessionstore-backups\recovery.jsonlz4
Filesize
1KB

MD5
181bad26e7b4ac3edfe57108e5af5259

SHA1
a9e1baf17f7f442afedaccea8f3cdc9c935fd814

SHA256
dc0d1f627d643aa860ea4c6461693ecc164afa5cda9da5b91776418406f4d875

SHA512
7790a1c87af4d385f676e722cd66f97cf302228dabcfaa5784bfd4447caefa8c5f8c14005960d15fd68d469fd89c01a61cd75fb8147bd770410998c2e31fca79

Download Submit
\??\PIPE\srvsvc
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
\??\pipe\LOCAL\crashpad_3412_RNOTVNDJDLYHKGYA
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit