hxxps://internal[.]j-ic[.]co/fcaXnn8DBmZ/RjbZ5DBcjZ/vNz31jEJER/xYBfGR5XFn/_E%3D

Analysis

max time kernel
343s
max time network
345s
platform
windows10-2004_x64
resource
win10v2004-20230221-en
resource tags

arch:x64arch:x86image:win10v2004-20230221-enlocale:en-usos:windows10-2004-x64system
submitted
26/05/2023, 18:28

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://internal.j-ic.co/fcaXnn8DBmZ/RjbZ5DBcjZ/vNz31jEJER/xYBfGR5XFn/_E%3D

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\c8128f58-bdaf-46b1-9e31-e3cd81f9b67d.tmp	setup.exe
File opened for modification	C:\Program Files (x86)\Microsoft\Edge\Application\SetupMetrics\20230526202932.pma	setup.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	powershell.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4536	powershell.exe
4536	powershell.exe
1320	msedge.exe
1320	msedge.exe
2220	msedge.exe
2220	msedge.exe
4728	identity_helper.exe
4728	identity_helper.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe
2072	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 10 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe

Suspicious use of AdjustPrivilegeToken 7 IoCs

description	pid	Process
Token: SeDebugPrivilege	4536	powershell.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe
Token: SeDebugPrivilege	2140	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
2220	msedge.exe
2220	msedge.exe
2220	msedge.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe

Suspicious use of SetWindowsHookEx 10 IoCs

pid	Process
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe
2140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2312	2220	msedge.exe	85
PID 2220 wrote to memory of 2312	2220	msedge.exe	85
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 4928	2220	msedge.exe	87
PID 2220 wrote to memory of 1320	2220	msedge.exe	88
PID 2220 wrote to memory of 1320	2220	msedge.exe	88
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89
PID 2220 wrote to memory of 4456	2220	msedge.exe	89

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
powershell start shell:Appsfolder\Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge https://internal.j-ic.co/fcaXnn8DBmZ/RjbZ5DBcjZ/vNz31jEJER/xYBfGR5XFn/_E%3D
1⤵
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --edge-redirect=Windows.Launch https://internal.j-ic.co/fcaXnn8DBmZ/RjbZ5DBcjZ/vNz31jEJER/xYBfGR5XFn/_E%3D
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8fada46f8,0x7ff8fada4708,0x7ff8fada4718
  2⤵
  PID:2312
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2196 /prefetch:2
  2⤵
  PID:4928
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2260 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2512 /prefetch:8
  2⤵
  PID:4456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3468 /prefetch:1
  2⤵
  PID:444
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3476 /prefetch:1
  2⤵
  PID:3952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4884 /prefetch:1
  2⤵
  PID:460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3648 /prefetch:1
  2⤵
  PID:4864
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  PID:2724
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings
  2⤵
  - Drops file in Program Files directory
  PID:2604
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x22c,0x200,0x230,0x7ff672205460,0x7ff672205470,0x7ff672205480
    3⤵
    PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5568 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5644 /prefetch:1
  2⤵
  PID:4128
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5660 /prefetch:1
  2⤵
  PID:4856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5456 /prefetch:1
  2⤵
  PID:968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:1204
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1944 /prefetch:1
  2⤵
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=2348 /prefetch:8
  2⤵
  PID:6012
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1860 /prefetch:1
  2⤵
  PID:6120
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2136,17435070178855287158,8731062360262987154,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1724 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:1280
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:2140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.0.1217104616\3242794" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1704 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {78d0c8b4-a3ba-4aef-92a3-9925dd15eaf8} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1916 1ffc3019858 gpu
    3⤵
    PID:2808
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.1.377501958\730303675" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f5e6274-1758-4604-9214-f45127fbbd26} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 2316 1ffb5072b58 socket
    3⤵
    PID:2068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.2.1077434683\1340637792" -childID 1 -isForBrowser -prefsHandle 3088 -prefMapHandle 3108 -prefsLen 21074 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b6832b7-fc93-4e49-b716-9b1ad251b403} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3076 1ffc1f90e58 tab
    3⤵
    PID:4768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.3.59341514\957647527" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 1656 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2d093647-6c29-4aeb-b596-8b0fedbe01a1} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 1364 1ffb5067b58 tab
    3⤵
    PID:1360
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.4.107665373\1673195769" -childID 3 -isForBrowser -prefsHandle 3768 -prefMapHandle 3764 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {07e16431-415d-484c-b5ca-d18f82ef718f} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3776 1ffc6baf158 tab
    3⤵
    PID:1420
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.6.895053329\427044582" -childID 5 -isForBrowser -prefsHandle 5212 -prefMapHandle 5216 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0c69d7ff-7de6-455c-91ef-9569eaf55ecf} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5200 1ffc80fcd58 tab
    3⤵
    PID:5652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.7.1268975851\1399601968" -childID 6 -isForBrowser -prefsHandle 5416 -prefMapHandle 5420 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e8842d46-975c-4fe2-80bc-2e740f10c0c6} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5016 1ffc80fc458 tab
    3⤵
    PID:5660
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.5.1324518173\1810791901" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 5092 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd2a5e62-7b7f-4a33-bfbf-50634e4a871d} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5116 1ffc80ec558 tab
    3⤵
    PID:5640
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.8.81786756\1939542289" -childID 7 -isForBrowser -prefsHandle 2812 -prefMapHandle 2808 -prefsLen 26832 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6cd22193-b6a7-400f-a537-415b634ca431} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3684 1ffc35d2758 tab
    3⤵
    PID:2556
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.9.928956661\1730806020" -childID 8 -isForBrowser -prefsHandle 6184 -prefMapHandle 5132 -prefsLen 30220 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2377edea-270b-45d3-9faf-d2f90359e700} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 6236 1ffc382dd58 tab
    3⤵
    PID:1520
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.11.126253398\1130677981" -childID 10 -isForBrowser -prefsHandle 6524 -prefMapHandle 6528 -prefsLen 30229 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dbb62674-9149-4317-b61b-6a5fde29207e} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 6516 1ffc8377e58 tab
    3⤵
    PID:5836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.10.960161990\1845971278" -childID 9 -isForBrowser -prefsHandle 6392 -prefMapHandle 6396 -prefsLen 30229 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9f2b5efe-c6e6-4d50-8ac7-78c9e43fce97} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 6380 1ffc4916e58 tab
    3⤵
    PID:3692
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.12.867463183\388364353" -parentBuildID 20221007134813 -prefsHandle 6780 -prefMapHandle 6784 -prefsLen 30229 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ad79a48b-806c-4307-9e48-539329d19a7a} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 6772 1ffc8f2bc58 rdd
    3⤵
    PID:3124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.13.1604116980\720034289" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6972 -prefMapHandle 6968 -prefsLen 30229 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ca20ec4f-7439-4958-bcbb-3f24015f9f49} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 6980 1ffc8685558 utility
    3⤵
    PID:5996
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.14.299571989\1332222772" -childID 11 -isForBrowser -prefsHandle 7000 -prefMapHandle 6352 -prefsLen 30229 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b42555e6-8299-40b4-9c50-7c95380bb2e7} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 3488 1ffcb86ce58 tab
    3⤵
    PID:5440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.15.1444405693\1868891476" -childID 12 -isForBrowser -prefsHandle 5484 -prefMapHandle 5476 -prefsLen 30229 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {188d5f3e-7905-4ac9-8168-9de00c1f1af7} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 5428 1ffb502ff58 tab
    3⤵
    PID:3856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="2140.16.1749478248\624111502" -childID 13 -isForBrowser -prefsHandle 6168 -prefMapHandle 6368 -prefsLen 30229 -prefMapSize 232675 -jsInitHandle 1468 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dfc6223e-10e1-4d86-95a2-75edeef06dec} 2140 "\\.\pipe\gecko-crash-server-pipe.2140" 6492 1ffc49ce158 tab
    3⤵
    PID:3732

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\0567f1f4-a8e6-440e-8080-3441a9bfc268.tmp

Filesize
13KB

MD5
1149fc9c2a5c6a03b18329069765a591

SHA1
586a685b41356b41920f55e3a78a9fdd21fe37e3

SHA256
910cdd8c70d1726901cbc0e44a1589591eed11a15fd0908efeddceca25382e32

SHA512
9bc5dda109d45136b14da2f3a467d6034f5117e6b51cb18d510279776d0d220acd926befda335b4c41dc58959143c33753b21c3fee5c63851b53303956b28767

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
5a10efe23009825eadc90c37a38d9401

SHA1
fd98f2ca011408d4b43ed4dfd5b6906fbc7b87c0

SHA256
05e135dee0260b4f601a0486401b64ff8653875d74bf259c2da232550dbfb4f5

SHA512
89416a3f5bf50cd4a432ac72cd0a7fb79d5aeb10bdcc468c55bbfa79b9f43fab17141305d44cb1fe980ec76cc6575c27e2bcfcbad5ccd886d45b9de03fb9d6d7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
25bbf36fd8619c7d627555525840bf1f

SHA1
7836739f5443d8f366ed45ca744ced111b21b234

SHA256
f9767c4ddfca79aefb2a83d9783feb7ecfe3df970d7f3775c790113b86985f73

SHA512
7ba2a74b9fbd265066374841a58a36cffcf57c919388282839b8cf5e54461f9941832559637765c76610e564d27e2a12d9b93575b6b43f07c429a47717b2f887

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
3d8890277e8ee60adec07a9cdc380405

SHA1
fa88adf5a1bdfc80f65a66d7070161633e94da1a

SHA256
7c1fc53306c85dde04966d5ca180993cf9bd030a00c147d9631d5ed5810f0493

SHA512
571d1c486c44c611dc19a9de8ae9b22b34eab920d3df1413fe53a0f9ec1c692215e3d716c61a3d983e20ff7c780687caa9828dcc72d27a23d2fb9c40fbdf8378

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
65d761f8e2d29defffba693fc8749fd9

SHA1
db174875eeae1b45326706df89b97d57084b6b8f

SHA256
10586a23406b726e7f7c9360dd9eae60f3600a53740c70df2730555bf416473b

SHA512
daa3ce9f0fd53d106bb901c05f17b6768e6ada013f63773631a34c1dd501a59415bc0dcc3ec6976e42880ff976b686ee7d8823931a777a0e88de3052717940ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f241f0d78198b061bb9a89167cb4a0df

SHA1
58d52409b16b88fbf1e2096a5b78b53d7d3a4661

SHA256
895d34667ca28dc1c8ce889060b33e108aa191abe8587deae25d5bd2dd5e6bef

SHA512
5c292e5f5fd9988755c01b76d6b32c6b9770dd8d930ec4510c30d36f92230ccea0f5678c2d50b06c39b5eca3aaec929ffe2a14e2a3ff36d76eb9e9ce69afe058

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
a9d92306bdfe2b9e04a9e8598bf62bd9

SHA1
317b4a49ef8f8383936daeefba3a4ba97e605301

SHA256
f84fadba19749ee022f54942503ab189eed103153947dedcc5cc8a81531ecfac

SHA512
91e103d907067695b730b49519f9d190550137a8d70fb9e3c31f5f650426232e9716b8f1c492501cb2052f3cd07902c315aadb5344a0cec5c2c4bf7a6def910e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
5edab6d3ffbeee247ccb4423f929a323

SHA1
a4ad201d149d59392a2a3163bd86ee900e20f3d9

SHA256
460cddb95ea1d9bc8d95d295dd051b49a1436437a91ddec5f131235b2d516933

SHA512
263fa99f03ea1ef381ca19f10fbe0362c1f9c129502dc6b730b076cafcf34b40a70ee8a0ee9446ec9c89c3a2d9855450609ec0f8cf9d0a1b2aebdd12be58d38c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
784a51387993e9aeb34d4ad4ed93ab48

SHA1
1cbf9ea1b6c2ea18c8670f26ebf9c11d7d245bc4

SHA256
567af49b26f4676e8c8ad07b34db13ae7a9e19ba01e6bd1af390a611b44413f8

SHA512
ba34c55cea5840723b16f09f0a790f823a5a65657f8163018cbfcbc3a13c83b1b4b6a1f8ca0fe188c1ba7d78cc9319889235c0f6042a2013755fc6d820e4b9e6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
206702161f94c5cd39fadd03f4014d98

SHA1
bd8bfc144fb5326d21bd1531523d9fb50e1b600a

SHA256
1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167

SHA512
0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\shared_proto_db\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
9KB

MD5
81409538b4f782271250d15506e9a171

SHA1
877cf7d27b8fc4743eda6f273a9b0956203109c7

SHA256
62e0889f60b30d673f67b7722b4c7bc02edeadc9cc8cb54ada23cd3c8a20ea74

SHA512
708f1be71051380e50a93018dbc8a6e45385e71c32c23c7c90efaca4a2d84028e5ae120dcff2b5454db7680b63b03bd0e8905779ee84e66e262299cc8dc1e03e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
c6c11eddd1b19e015fb56a2e2fc6e7c5

SHA1
f1110aa68fe4cfb3a53ec0e4196c012ee6e1141f

SHA256
be679c32a3bb2a3e126b22872f43cb47850197e2720a4781baf19a82dae3149e

SHA512
ec963cc6aa005b2f5982ea05227cd2c367ac98302a4587798cfe802c1cf73ef01b09f9ce64c6ee1c601ca1c2f3c4745ae2f76a9f75b50d51d898a76d91343374

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
13KB

MD5
b8e579ba3d7ac7dd4f44470fb6915648

SHA1
1dfbefe3e077ecfcb7cc9460e16f06f69152f7cf

SHA256
5b8c607a05361bb3ef2c830691eb722405b9598c926f5b5675103cc5e65c8306

SHA512
66cbae792d5b7ea7b592e42e8826e2df834ae4ff3d699aed21c8d03a95e0deb3eeeeed0752ca452fd3079fbc3ccd277de71a42ab1dfa7f70206c3de54700d51a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\activity-stream.discovery_stream.json.tmp

Filesize
139KB

MD5
44ed3730ef968b0c20f08cd02a38a9ff

SHA1
be5c2169286f36a14a394b6788debc0389a02997

SHA256
133362175d2e3c427ffe10f600084c43f3a08f6412e5e30726ab8f3aa9a274f1

SHA512
f0d8596543163370fb1845ecf65dd7f6257eebe6dd806b0a2edb42f2eab18cf5a30fd4a5e45c7a57f3071946f4ffce4c0ac843b61ad6984ed719d5a592c45f4d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\28791

Filesize
1KB

MD5
290beeb317608f46d6f1b900bb27e587

SHA1
7a6c8851778582dff3cccabb1352c622384d6325

SHA256
f6ddcf85168d9fc0364e94456cb30ef1da990ee63d5aa9084791b1d539d1748b

SHA512
cdee2319e363a5003b94a5dc58990db8df4feb60f5f98fc6f4e34f50956fd95deb5b9ee105640735f7345a2b00fb137bd8a89479865cdbbded03fc43f181bfb3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\doomed\8511

Filesize
18KB

MD5
2d1bfed7827b9142c9275dbc89d40164

SHA1
4c2b61a8c0c61f5ec1575231f37da65ff080f8b5

SHA256
4b947ae8880ec6c47fd50c0d84ca1ba5a8b2b9ddbd651e6634e7fd80d3c81789

SHA512
2a7cd53b2c1a18020f50d9cc9276aa4e4b2270dd1d4401fb34c6d211b1ff79e9419a644583714bc4e840e79c2d38bebfa28f6d35dd9a32550934060f0e1a9d61

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\bozzcyfh.default-release\cache2\entries\917E41E135032D6BD66E5D6F84F0988D37234A33

Filesize
14KB

MD5
0a004a432c1604eaee57a012970ad94a

SHA1
653a9befd9cdc9f68a1e31cdef99988cf67186c6

SHA256
b699061ff87c8b6fffc661314449d12d6bac5a24bf747a5db7271982e61bb1a1

SHA512
88b981bdea21ad78b9c1b99b68ffc61b8d6bb4549f61beafe54fa556e009885ab46ec60fe92e7eace749ba9bb7cd5d95ac191745ef8481f93ac0026beae5c76e

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_3voiatgp.taq.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Microsoft Edge.lnk

Filesize
2KB

MD5
25bbf36fd8619c7d627555525840bf1f

SHA1
7836739f5443d8f366ed45ca744ced111b21b234

SHA256
f9767c4ddfca79aefb2a83d9783feb7ecfe3df970d7f3775c790113b86985f73

SHA512
7ba2a74b9fbd265066374841a58a36cffcf57c919388282839b8cf5e54461f9941832559637765c76610e564d27e2a12d9b93575b6b43f07c429a47717b2f887

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
7KB

MD5
fe2f97c63be678091db83104136efe5a

SHA1
594340e2d5d8fdb98a03171fce2c48924a343bad

SHA256
6c910e0cf8c0e25e3f3bf6a70b7160a6cb33821662d5c73a2e37daac5560340b

SHA512
bd5c29803b87967bd7891849d478400c5c05b26b95841e7c2f22c489420dcef4560c4e6a7b309752abb8cb42ce0189398a9a02d53411fba27f32d24d790a6366

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
8KB

MD5
49bc6cc37ecfa50dfaad8cf8289f2cb5

SHA1
d19f43950ff395b32c353bc1e3164aa541740dc0

SHA256
9a5ed2a7d7ec1312b0c81a7e7878bb9877d2180d71414c5dab272a16a4270b7f

SHA512
56f2224923c48c3a705bdcbd351974ab06213d0b51fa7c168fa7c39db5c71d341b8ba11d28ae060d25446453e87e9cad24dfd8a684456086b1a01a75bde30446

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
3KB

MD5
908d4e572ee01c2744b08bfc2e8f7e7a

SHA1
d11f1f0f00beb8d5d4cdad69667982c01d9c7b1c

SHA256
e9295f55d704f9879ae40752a0caf1b4ef24177b1a0bfec886a6dd3e10364ff2

SHA512
15b6fb2db906bbe444b1976c1ff9749dd73813dac9a146327658fa597c9492e05c7a7da9037cc9b840f38fad2d584da4c2f81207c111083c50c9b7187869b708

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
78b2f1a531c0c0fa362684d80f6a4e9f

SHA1
60c1b2de6bc271fbac438ed142e202512324b50f

SHA256
39393167fc5290b761e6ecb5881a46cd94639454b6e994c6ab8e252e96af6eb3

SHA512
6b82b18508863a26821114a6392dc88937861dbaf28b0883714f72fb38ac28b85f26b002cb10109a0f9c945e0706045735c78ba62978834753c786587c6f5936

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
6KB

MD5
73c2d4d80c0d38c99d7bfd585ff49ddc

SHA1
e271af4ed669abeb56068c35b1a0f8cfd1f8d482

SHA256
14145c0050d2c4c204b270d5a95f367e39c7344b2467174b9bb806fa17c5fbda

SHA512
ffe0001fe6ff0ca44cdc2e8edf97b2776371fe543a66899de17f2ac12f799ee8c5303fe010e28d2933017b13be5ff047abae6c8c61d8688b3565892571f64ebe

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
647357bf57c34463b2caa54bc3e1174f

SHA1
d121c55d97cba596e4bcc5b432be9003ff0dd8c0

SHA256
0faa6ac9f1c455b291a4808c14e26c933ee055681f35fe44eb05530ff07bb720

SHA512
8a9055118ef53cf7d25cd0ae765c9357a8ca80b8dd24227b4c3371d03efc8b2e3e2982c51fa3aa81325ac656225ed6677e6c85db46d3366d0d08eccd57690ef9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
7KB

MD5
f840aa4c0771ab681cc85bbcdfbd541b

SHA1
3797dcc38137a1344ee5c9446c11cc1dd67d9c84

SHA256
da291465a42562fda09a5a6d67b5e4d3abaf702a7ff978fe02e59b791e61b311

SHA512
64a92f5cfb251067aebf9293853754a71533e576369880a99d191dbb04cb02edd07ac27b8bc8d82f7b02b92389eed20ca2911561121643f5f07f06d546e62fc8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
8KB

MD5
1b51edbc2455218128aa12aeac5172c2

SHA1
224ad8e5c1a2753351a92f1476e7ad2549be4769

SHA256
d87dc1782d873574d0f7c7e9e32d5d0b80e29d3ec1a59a58f5e80f8e9c89b010

SHA512
4682498d660e3044e9a135feca915f915c0921418752ea040626a09364eca4ba8952b9b267c6a152f9ffadcadf9de70c5b4d660c5fa7231d61895a65178cb974

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
10KB

MD5
c00828efdefe2d397a1366029728ac18

SHA1
48474341d1afb27a51e9d81132e487b1455161bf

SHA256
a4da0f6a02f1e7583b63d998ee807f75a64bd26dd7146ecaf77bb4b1d4a756f6

SHA512
f608ad78365b64905e7e731a4acea81674245c1e4967bf6b76d83ea2659c28c98c798f1f6a46b3011c38486a811531d184205fcc2a3cea23652579e679a61e61

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs-1.js

Filesize
10KB

MD5
3ccb5520d6be3049e85529739f708162

SHA1
faf565af6e665762e70fbdaf80c78b24aebb3685

SHA256
2c545538c0e3f1c51a05cb027daddd62677e57146e1447e943696d3a5b63de1a

SHA512
076df98f9c1235766fcb906e6003146a55162c4a7d34ccb2d5cffe9bc866e5dc9a2a0735c76c75cc9abc1eec6d225b13eeb2a03f6e06d45da9f1f9a4380981b1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\prefs.js

Filesize
6KB

MD5
fcd5f37e5e4066f7cffe8eb106b6ce19

SHA1
b0a1c4d3d5c96271429fb09cb71055d177c13402

SHA256
38dbdb91f24f8e138803d71d0f7e4758fbb78e7f657208325fe30a501e225c67

SHA512
afdf7697bc784c3c85f30a8a1e4caa32459cf7f19c1ffacde04f62f089218ff1899ffe69fc465677d719546c8f91bea0d04807b13d58096f79aeba8eef0a0a15

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
dccdac07c9fd49e03ad9ccb7c0f11b5e

SHA1
671d42da0128e0b1280fa2a315d79b06e54f6cb7

SHA256
57c2deffa7fd0f52bba051b7b08632858c79c46e1e0986024b7efe857f67093f

SHA512
982afa700875ae5440bd52781ae77365f1a498bb691edd117aec4adf65ade0cf1ffbb7561aafcb622fe9ea3bb12775c8217e6c4465df882c28a75b7a1daa74d8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
1698390c79cd66c211d9f64cd2947c34

SHA1
d0cd3954db9c61ec0c3aece5426c36a7f9bbc78a

SHA256
21e4fb9706a92d1c1b2e595f496c6c1980b7094dd512e5229984bb68079765e1

SHA512
48b64eda4793de27a02bbf09212289b02cb78f6738aabfbc7f60951bbce8d83c1d3dd9e308a909e3a1bd71f290363c34b76fde178d259ba4f80e0be17a25c861

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++www.youtube.com\cache\morgue\0\{31f8ac61-14b6-4a68-bc52-c46bf596a200}.final

Filesize
3KB

MD5
eac71972730835615d0dcf9084516695

SHA1
ac57ec1793d98eb0f8fcaa75a16eea4d42bc59b2

SHA256
5f5efd229a87dad648a5ac162010105e5aacdacc5b2b7228b6e7b09b0630eedf

SHA512
991cb45acbdf3db25563347ec7da87dbb98c112a6f7dcbbd19766eabe2a01468f9bc0aafd5cd11f577d7876d443d4dfcebf2f318dcaf95d7f1ca8214957ff5e3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++www.youtube.com\cache\morgue\122\{5e0b8dd5-9b1b-409b-974d-473061f4197a}.final

Filesize
74KB

MD5
12c153366b5873aa53b423190ef75c2a

SHA1
5b818717cb1f44e4b6a341cd84e347026c54309b

SHA256
8e97cfcb3bf25065e62b6f0fd08487172bd1f201bef681b7427e23187fd24171

SHA512
bf3739a35dc23fd3a19a280b66ae3087094312045ef0ea0ed2d224149a2f7df23092918a5ca450a37a4f9f2810332ae5a666ff7c172da8edb713094f4a0cc97f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++www.youtube.com\idb\2329032970yCt7-%iCt7-%r5ecs8pfo.sqlite

Filesize
48KB

MD5
ff95d3f469f56cc037055cd2f52299b3

SHA1
c0ea6ca0a9a817bd8c91723c6ff3aa9009c564a4

SHA256
3a24679ccf8c3c3ab53ad60a574ba68292e1279fee189d84458bb2957053eede

SHA512
19bf3c7ccffdf796b211aa9338b4bd12d3af183b4c3d0d8c09135625083b2581b130825c8161685c785a93e22758fe7e02cb493358ac8e157c2adc4cc4789d51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\bozzcyfh.default-release\storage\default\https+++www.youtube.com\idb\3211250388sbwdpsunsohintoatciif.sqlite-wal

Filesize
40KB

MD5
bbbedb8fab8e78e2f19e9a35f63a1b3c

SHA1
48337d8a130f1d4ae77dd33b5c3c4272560d47a2

SHA256
c215e9773b4a4fd37dce73daa4bd0171901519838c324e9e17e148a7f1959c1e

SHA512
a6a593c2cb7c22d5d0a35df9fc94b205a1540edf03d8f7157f62e4e441313908ac912733b39a2b4416d8446c8c8d8af7f378940bf5a18586a74f297bce78ff2f

Download Submit
memory/4536-144-0x000001E3CD6B0000-0x000001E3CD6C0000-memory.dmp

Filesize
64KB

Download
memory/4536-143-0x000001E3CD6B0000-0x000001E3CD6C0000-memory.dmp

Filesize
64KB

Download
memory/4536-135-0x000001E3B5270000-0x000001E3B5292000-memory.dmp

Filesize
136KB

Download