metasploit | 6a624904d7a7ee2ec27e637164ddddd102cc799ffa9c14a05f88762363200bf1

Analysis

max time kernel
1006s
max time network
974s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
12/06/2023, 19:58

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

google-chrome-stable_current_amd64.deb
Size

90.3MB
MD5

dd0eddde8db9492a7826acbfb1499cc2
SHA1

004796a1e3aba6f00df61c012afd91ba563ee93e
SHA256

6a624904d7a7ee2ec27e637164ddddd102cc799ffa9c14a05f88762363200bf1
SHA512

fbbfc2b3d9bd3cfe19e2af62cd8b216700b994df52043c01b84caa69655641ab755827266f11dcc5ea6f44ba2980ccf16a35e88ab7102750e2bb7eafb7a1eedf
SSDEEP

1572864:x8vFCXj7Vldzn63FQwAjYxQC/YSk1olcHeAiNnr0DZTHiXeW1Hsc4K03BOmfUwUN:yQXBnNnYkZHPiNnQBVW1M9cN

Score

10^/10

metasploit backdoor trojan

Malware Config

Extracted

Family

metasploit

Version

windows/reverse_tcp

192.168.1.209:4444

Signatures

MetaSploit
Detected malicious payload which is part of the Metasploit Framework, likely generated with msfvenom or similar.
trojan backdoor metasploit
Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
5324	test.exe
1948	test.exe
1124	test.exe

Drops desktop.ini file(s) 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Gathers network information 2 TTPs 1 IoCs

Uses commandline utility to view network configuration.

System Information Discovery

T1082

Command-Line Interface

T1059

pid	Process
4964	ipconfig.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	msedge.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1675742406-747946869-1029867430-1000\{7C82B42C-F047-49C6-9F8A-CEC3CABAEE19}	svchost.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	cmd.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\Local Settings	firefox.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\test.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 6 IoCs

pid	Process
5948	msedge.exe
5948	msedge.exe
5584	msedge.exe
5584	msedge.exe
5568	powershell.exe
5568	powershell.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	3480	firefox.exe
Token: SeDebugPrivilege	5568	powershell.exe

Suspicious use of FindShellTrayWindow 5 IoCs

pid	Process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
5652	msedge.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe

Suspicious use of SetWindowsHookEx 5 IoCs

pid	Process
3424	OpenWith.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe
3480	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 4472 wrote to memory of 3480	4472	firefox.exe	94
PID 3480 wrote to memory of 2032	3480	firefox.exe	96
PID 3480 wrote to memory of 2032	3480	firefox.exe	96
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 2872	3480	firefox.exe	97
PID 3480 wrote to memory of 4252	3480	firefox.exe	98
PID 3480 wrote to memory of 4252	3480	firefox.exe	98
PID 3480 wrote to memory of 4252	3480	firefox.exe	98

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\cmd.exe
cmd /c C:\Users\Admin\AppData\Local\Temp\google-chrome-stable_current_amd64.deb
1⤵
- Modifies registry class
PID:868

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3424

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4472
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:3480
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.0.1788466746\857986348" -parentBuildID 20221007134813 -prefsHandle 1836 -prefMapHandle 1828 -prefsLen 20890 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {48aea913-b50c-47dd-9ee8-663870b74e23} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 1932 2724aa81c58 gpu
    3⤵
    PID:2032
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.1.47171866\1088134933" -parentBuildID 20221007134813 -prefsHandle 2304 -prefMapHandle 2300 -prefsLen 20926 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {bf8e9e0c-6469-45ef-a67e-4236cf8ff13a} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 2316 2723cb6f558 socket
    3⤵
    - Checks processor information in registry
    PID:2872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.2.764207023\874113433" -childID 1 -isForBrowser -prefsHandle 1684 -prefMapHandle 1680 -prefsLen 21009 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {79d31057-2e2a-437d-b5e2-c8ab2ec6bbf6} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 3080 2724d6e0258 tab
    3⤵
    PID:4252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.3.1309451477\1235620869" -childID 2 -isForBrowser -prefsHandle 2920 -prefMapHandle 1276 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4e2f5fa3-88ff-404d-8bf1-0c33d54ed74e} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 2456 2723cb30258 tab
    3⤵
    PID:3492
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.4.1887859158\919608266" -childID 3 -isForBrowser -prefsHandle 3916 -prefMapHandle 3912 -prefsLen 26519 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9ba12dee-a379-4b19-bb22-02205792ddac} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 3928 2724d8ce858 tab
    3⤵
    PID:1652
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.5.1600214805\1796995217" -childID 4 -isForBrowser -prefsHandle 5024 -prefMapHandle 5004 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {aff1531f-f1e8-4e98-b1ae-99cafd30d601} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 4916 2724feb8a58 tab
    3⤵
    PID:2644
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.7.562559011\1242323160" -childID 6 -isForBrowser -prefsHandle 5336 -prefMapHandle 5340 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0e45abb8-face-410d-a4d7-6e5340c04d41} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 5328 2724febae58 tab
    3⤵
    PID:2332
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.6.545515848\526499605" -childID 5 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26578 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dde639ff-a217-43ef-b15e-a72cc5f71956} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 5140 2724feb9358 tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3480.8.2144525481\496373653" -childID 7 -isForBrowser -prefsHandle 2700 -prefMapHandle 5600 -prefsLen 30245 -prefMapSize 232675 -jsInitHandle 1492 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88da5f45-f0df-48a3-b0ef-099cf6e2a621} 3480 "\\.\pipe\gecko-crash-server-pipe.3480" 5736 27254b7e658 tab
    3⤵
    PID:4888

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultbea6b4cah0a30h467dh84d5h99e1183b8148
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious use of FindShellTrayWindow
PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xfc,0x128,0x7ffd142d46f8,0x7ffd142d4708,0x7ffd142d4718
  2⤵
  PID:5704
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2156,5463241044348184530,4534085178573369704,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2220 /prefetch:2
  2⤵
  PID:5932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2156,5463241044348184530,4534085178573369704,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2304 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2156,5463241044348184530,4534085178573369704,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2776 /prefetch:8
  2⤵
  PID:5192

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5148

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:1092

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault409c28aah6224h401fha25ch797cb378f5b5
1⤵
PID:6044
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd142d46f8,0x7ffd142d4708,0x7ffd142d4718
  2⤵
  PID:5424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2216,11804832773545058979,18044862409009486626,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
  2⤵
  PID:4008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2216,11804832773545058979,18044862409009486626,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2276 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2216,11804832773545058979,18044862409009486626,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2224 /prefetch:2
  2⤵
  PID:3052

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5204

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5152

C:\Users\Admin\Downloads\test.exe
"C:\Users\Admin\Downloads\test.exe"
1⤵
- Executes dropped EXE
PID:5324

C:\Users\Admin\Downloads\test.exe
"C:\Users\Admin\Downloads\test.exe"
1⤵
- Executes dropped EXE
PID:1948

C:\Users\Admin\Downloads\test.exe
"C:\Users\Admin\Downloads\test.exe"
1⤵
- Executes dropped EXE
PID:1124

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:4816
- C:\Windows\system32\ipconfig.exe
  ipconfig
  2⤵
  - Gathers network information
  PID:4964

C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:5568
- C:\Windows\system32\more.com
  "C:\Windows\system32\more.com"
  2⤵
  PID:2820

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Command-Line Interface

T1059

Persistence

Privilege Escalation

Defense Evasion

Web Service

T1102

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1d40312629d09d2420e992fdb8a78c1c

SHA1
903950d5ba9d64ec21c9f51264272ca8dfae9540

SHA256
1e7c6aa575c3ec46cd1fdf6df51063113d277012ed28f5f6b37aea95cd3a64ac

SHA512
a7073247ae95e451ed32ceeae91c6638192c15eaad718875c1272eff51c0564016d9f84690543f27df509a7d579de329d101fbf82fed7cbeb27af57393de24ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
cd4f5fe0fc0ab6b6df866b9bfb9dd762

SHA1
a6aaed363cd5a7b6910e9b3296c0093b0ac94759

SHA256
3b803b53dbd3d592848fc66e5715f39f6bc02cbc95fb2452cd5822d98c6b8f81

SHA512
7072630ec28cf6a8d5b072555234b5150c1e952138e5cdc29435a6242fda4b4217b81fb57acae927d2b908fa06f36414cb3fab35110d63107141263e3bba9676

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Edge Profile.ico

Filesize
70KB

MD5
e5e3377341056643b0494b6842c0b544

SHA1
d53fd8e256ec9d5cef8ef5387872e544a2df9108

SHA256
e23040951e464b53b84b11c3466bbd4707a009018819f9ad2a79d1b0b309bc25

SHA512
83f09e48d009a5cf83fa9aa8f28187f7f4202c84e2d0d6e5806c468f4a24b2478b73077381d2a21c89aa64884df3c56e8dc94eb4ad2d6a8085ac2feb1e26c2ef

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Local Storage\leveldb\LOG

Filesize
334B

MD5
fbe5503e75dfa1966ffe8d945be18ff7

SHA1
09a25e156c2f042a0e2c7a92bc8eae2ec80c7b46

SHA256
adf7964377f0e03627657a8e9b1e13b4bb23216fb40e022e1e12b4afbdab17c0

SHA512
3085f2cba9ec9a01da46ddc6cb1a5b3671c19d053c27dd1433adbc75defe38d6bc6783fef52a021b5bd4f53d127dc6c55008df26a0f946fbfeb66ba60c50d8a6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Microsoft Edge.lnk

Filesize
2KB

MD5
e593bb633988fc239fbc4d8a4f2aebed

SHA1
3ebc8bce7984fa6ea96512acf0c4cd4b28743e9d

SHA256
8c5e9d2eef45f1d15cb65b519679e7ec067190cde0aebb9c9f3629bde6abb745

SHA512
0845cc646a13d7b3f8cb458ee95fa1b0113c09bc076f685951aad22231d6581254f616c263a07c9d37c20dd3b4190f484c182b31ab80adc13404f129d23f6f1a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
4KB

MD5
1ccac56e994d94bd8d1564f1a3176c47

SHA1
401ecf2d6cebc930ac97826a5b9dc540d55b7ebc

SHA256
cf3989282992a2c9027e707b29ce29e08f51147384813658a5273e6f302d739d

SHA512
cbf6246d64e862641238a1fb9142793f0db7c5139baa609d3d5478e1bc413f45f53ec8c542f0cb9833dce00066a34965e9c9b05a562fdad7df0d5b1188e19e9d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
681b65a826af34dd3b36e6aadcff9eb6

SHA1
107345fb6cff9bb528ff9fa342e17c4a11e7cf10

SHA256
e354db36871a279d5dc294171c448bccbc6a210c1cf2a33b8d63f1abe5764c7c

SHA512
27578be83ff75f9266053067c4fd8753306b4778d5e3c686adbaa4c9c04cefbded949783694baf9d6d16a3ea850433f15ddc8454351e9e9ef2df20ff38540c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
3KB

MD5
681b65a826af34dd3b36e6aadcff9eb6

SHA1
107345fb6cff9bb528ff9fa342e17c4a11e7cf10

SHA256
e354db36871a279d5dc294171c448bccbc6a210c1cf2a33b8d63f1abe5764c7c

SHA512
27578be83ff75f9266053067c4fd8753306b4778d5e3c686adbaa4c9c04cefbded949783694baf9d6d16a3ea850433f15ddc8454351e9e9ef2df20ff38540c2f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
d7e468fcd3d57b13d8e54171b9de0819

SHA1
b516131d174a9683f35b70c32ab7fb3c602dfdd7

SHA256
23aef2299c640ee0946251336cc11620f3ce58affafc42279b8388be99a8b93e

SHA512
f2c88bebc7cfdf9e1ad72397946befef3f8c6201a6cf119d16bf6a397a201f751f3195f95d69e7b2856abec612c57d76473cf60bc4a1ebc629dbbee92382bcc0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
c997e66fb273550ff8811d9bf54fc4f2

SHA1
ae94c0d0926bbe9960475a0fd56b13bfee98ecf6

SHA256
7f0260eba687ef73d359448fc51fe4ebcb1c69aa466c530b1e67f1a52226b143

SHA512
e81614a20a317fe4397c8b9aa14a383ad57992de13774f3ea14004cdb39098089167c575b65a9ec59ec27455e5b257642f6eb3292c7c543d59ca24b291967278

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\GrShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
2c84cd4dc48b903017f1b3847458870b

SHA1
ff17faf793516d353d2b53e34309287dc21cf4b0

SHA256
cd6f6e6df72aa59e2964d054f8baf585aee91ab6bf448f04e4e86d643cb24795

SHA512
9963325e1f03f964d07feeba98caa0fe16244437972c84ac9d6c138a334c85e564a6496e299340dc4ba0e71d601a84d2f950a8f7c3ccb08572a256b4379c8dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
2c84cd4dc48b903017f1b3847458870b

SHA1
ff17faf793516d353d2b53e34309287dc21cf4b0

SHA256
cd6f6e6df72aa59e2964d054f8baf585aee91ab6bf448f04e4e86d643cb24795

SHA512
9963325e1f03f964d07feeba98caa0fe16244437972c84ac9d6c138a334c85e564a6496e299340dc4ba0e71d601a84d2f950a8f7c3ccb08572a256b4379c8dd6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
3KB

MD5
3925b7af7a79d5381b28c5130f6d4881

SHA1
15326246ee46086d52f8e71d1a7c065cfcb51be7

SHA256
20f90b9972310c82d29ce87e424d5ca3560acacc991557356eb82dffcd90273b

SHA512
305cc9804a47de712520c21c66ddff55e979e765c15ed832d4f88acc6f2c6c7eb4e9c39e38bf9d9f1bea022eb8a4a0d715d081272426ea2fae0f0198e1047b2e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\activity-stream.discovery_stream.json.tmp

Filesize
148KB

MD5
f296dd3fc637020bb1cd3c84a48cbc30

SHA1
ec278349f96bb4319f30c26ef7078c7d4c203c90

SHA256
bb8ef5f3f22a7e58cc59e5bca26e34693d3f76e78e6ba266221766eff94f87f6

SHA512
91cf48c30fa5608a1a29a009173eb4d812146be61b3d1c28d082717bc6e9b92731150e2229ec875ee0adf44edae248633aa4e21db7da3276603e1a0a6a4cc79c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\3o4pebi0.default-release\cache2\entries\58D46C4012E4AD3623A4EA72BB3C1CDD25B3FF87

Filesize
14KB

MD5
14e05c065703b35b35fe65a88914888f

SHA1
717d402d16f5310ca43f9c9fd2e22a0c18251e0d

SHA256
8747f3f0e9885cdd383b62e0b5deb19e4f6005e56a39682528cbdfaaa05c28d4

SHA512
0e41f4ec0be56876cb23938b22d9228ffe5bf0fedf4f4ce2d2ca76cb2c92b8072913779d55b2da9543f681c29d5fb787980cf5d2bc43f077b55466992aebb178

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_e2rkngyv.pt4.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
9382caa36e8c7e8be557eca0c570aa05

SHA1
2e7fafa8f1c43aa9c43bf9b174c44c022466448f

SHA256
f6f15fa109f4772f0bf43c3756e297c05f826a411a60b4c31beccf10ad7ff7be

SHA512
175af5bdd5c7df99050cdac912c4d7da02eaf6cf65d25bf56bfa89038cfab10478e04c1b26b810d4d40e2046916c453ad98b8884c001023cfa594dd468348f4a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
a66ceefe28879e6bec60f62858f3c568

SHA1
2b5842f2378b5de334e74e743fa45c1f55cc97bd

SHA256
603fd3fbefab3db60c91477eff7132695f236872e283676828f856e0504705f6

SHA512
cdcfeaea623148b0954b5fa94324d3be689dfb935e53cd233c28cb535ebfee4f7d49584f19c1aaa1ab55e0fc352a5e21ec1bebd28b43d8985df3e5042106ea43

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
a3d40f05479e8a2ee930725a03994121

SHA1
398f0ca3d1af0c53fed160e2a9dae773bf304899

SHA256
cb201ca6717909e63ccfc51dc82576b172451549fc6be745085a9710a1e2cb22

SHA512
b5c0b29a49c51a028c87e1158997cd3857610d3a9518ca30fd76b094759672d20a1373ca236a3d7055c77178f4c1db232f766010b1f97d1445e1249e69f09742

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
1c3c58f7838dde7f753614d170f110fc

SHA1
c17e5a486cecaddd6ced7217d298306850a87f48

SHA256
81c14432135b2a50dc505904e87781864ca561efef9e94baeca3704d04e6db3d

SHA512
9f6e9bcb0bba9e2ce3d7dabe03b061e3fda3f6d7b0249ecf4dbc145dc78844386d047ee2ac95656a025ef808cd0fc451204dc98a1981cf2729091761661a3b49

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\datareporting\glean\db\data.safe.bin

Filesize
182B

MD5
b1c8aa9861b461806c9e738511edd6ae

SHA1
fe13c1bbc7e323845cbe6a1bb89259cbd05595f8

SHA256
7cea48e7add3340b36f47ba4ea2ded8d6cb0423ffc2a64b44d7e86e0507d6b70

SHA512
841a0f8c98dd04dc9a4be2f05c34ecd511388c76d08ca0f415bfb6056166d9a521b8bc2c46b74697f3ecdac5141d1fe6af76dd0689350caca14e9f849ee75a8b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
6KB

MD5
029a7f8013a3192626f7797776b9383c

SHA1
ea4f0f2cda453d1ee407c0293388851bb9942616

SHA256
bd681273a735e9647d85843f4fd762b41861689b9293d9a06f99b5f2a6942150

SHA512
a25634c7567a30699b3fd7d63b19dc2c6ec63b5901a636bb7e86d015d08ec592bf0681f3ca2fc702caa0d75e2b484d44db8706270e5992b38240a9d821a404f8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
6KB

MD5
299ded88a2b0412227cd0ce8e397fa95

SHA1
6968f325a65e821a70d1123c7dd89ec12ecee4bb

SHA256
3790e4c5012a67a3e3381d15f10d809187f3f5546e648a1158928d1f592b7330

SHA512
63749fb68752e4ed1f48909b94091a8dbdc2783746d210df1fd761c9ec0b8974a961d2147d507dbd149484b7fa56a8f9160fb35dee111c14dfc605aebf4606cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
8KB

MD5
52fed0ac3fd3ca67a395645a44b3fc95

SHA1
b39684d160e7955e0eca9c6ca8f5c5f8630ac399

SHA256
65be58debf0e5d5f9bffe97616f89060b7ce0cf1eb0f17b97d4fdd319de42ebe

SHA512
e96d856625ad7c215f72e0c4245abd6b61c2cafeacb30caf2d519ad9b5a6d214a8dc1100f7739b720617fda723045b9fd0ebad5fbeb557dd507e31e947599df4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
10KB

MD5
199ff784d0062dc5b2eaf76d0f5e96d0

SHA1
6711756f6a3607f383f8b70e3541ae13df30bc4d

SHA256
c20db3003e425f46db2c8b3621282a259b1c6d44626a62627b27551fdd606e67

SHA512
7ae9b4b2dac739fb636288802710ad889a4d270443e800d04b7801031411e4494c6adce164f065e7fffc3f0857baa53da04b64ed0431d53eab7910d5dffc4b03

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
10KB

MD5
2bdc36dadc4de8003d5b82bb8a9c9f41

SHA1
39845c9979429c9507aaaca4f73ee839c2054e71

SHA256
d022d156076e007258804bf05c526748087c029a9a8a874d695ff4648aac204f

SHA512
1167afe3d1843a4178afd3ff4dc2fa551bd90ab272dd070738bf9d58333a33205654dd6b4a9732931427ebbeefc2bea9c073e29d6f3be25e9c9194aca706d40c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
10KB

MD5
15da22d30a5026f1a6479792408bde9a

SHA1
a21ae6f46da8be9bc8d5b434e7fb5a1d1a31bb12

SHA256
759f18e21a50d3ee90effe7982fe4434f8142190acf9a98339ad92938501a2cb

SHA512
552785439e97adafe4fdf5a22da9285dc9c27355c6fa6cbd54089a35dc95f0e74afcf43476aeae670c4f77729231c8fa9bd415c5bf511b23eaa3a35108c1b87e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
10KB

MD5
f2c24ddcf509747d7de68364a47cfbc5

SHA1
1d6113c0c54d7d95d266bc2084f96ba45175c1f0

SHA256
156d79e9acb3ff8cc1ff6f36253e67a349812db30558484ec6157dae4a242214

SHA512
62ee1d82ff3b044d8c42f944d439bfd82ea85978675d188a441066b36ff6668e02be20c6c22677e132185eb69baa580b82b75b27f1cdc2fc3b350c787f337eaf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
10KB

MD5
35f0c053170fa0b2d99191ddd914bec3

SHA1
ef3aca85afe04fed52411ef849445c4b8905ca5f

SHA256
8d32ee0fe4627618fde0364cbdaafe15312d74ca43ed87a217b1c2635b8b1549

SHA512
50cc93bb004ec9c3156bacad46f00adcabfe169b468137ab6144e1cf4a073f657676876a83e9954710d59159b803837996a9087beb843ea20665ffed7de510b0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
6KB

MD5
00bb409b48aa00ebf33ecbaf9fa57e74

SHA1
e6547d84ab3f522efdce7548bba7eb34705a13f7

SHA256
d5ea86627dd17b3e8ad3a5d2f854c9c1ad2762932c24451256b167cb8ecbc205

SHA512
c6aea38ffe432de0bd3535527dc174f8e4417bcf07431358250041c51bc0ab012b389a7d82cde21d53787ae5679c3777ec78e945d8be78b9ffc9bcb5dda64e4e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs-1.js

Filesize
6KB

MD5
1eb53e3edbf7969efd67d4ac19129495

SHA1
621b27cfb30c7110a06a6f1f11c71e1de3239de2

SHA256
c370d0d6d579c65972c00f13d29846c41cc66bb06466c5d26ad3e1225ceb177d

SHA512
d9e06f641052e1a666ef9d639df95ba905e89fc182f06cf6013f6e1c5b8a57d10fa0b5c90cd369193d59e30d6dcf045eccdfa890257dbcb6990479ae4d3c2cb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\prefs.js

Filesize
6KB

MD5
1984b45f201f1fd79d2154406648433b

SHA1
42f082dc6d4d43333688690bf4dfa7c7f8b618ab

SHA256
000a408519010d12b94281710f9a987f822093a1efb5293bbb50ca2e4a6a9df9

SHA512
e73a00cc8994d4023168e93ff5f5b6e6b13ffeb740872b64f565787cbb57e49e64eb03e4de1d8068a6f303f0615749fb27cb47bdbc4cef3fef1290bd3a3a17cc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
2KB

MD5
538a5aa7d692d0e5f645728c322e6f25

SHA1
48daf878ed48194dfca7b66cde3b898137ede23d

SHA256
2bb83ec85ce5e24cd77527a73acaa7b6785523165bf14c794d9208c7afbf3782

SHA512
af855ce7b52556f1531cf80c7d65e38f700053206975502974150d2f42104d82eeac76d6e106ac61982e15b1c533cd8adb5d5764e437b2076653cc93b1aeeba8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
664db6c7284b8b1f674e8605423cafb6

SHA1
0c1e7ed3d213b271539580462464d09ef88864fd

SHA256
1867f5188ac8784c1e93c4abf544fdfeeea037b5a155772f28439fda512ca62e

SHA512
441768a0f4e13ae76ef4667a0268c48bad4cf30f1cdfde94c1a4b8b8fa1e380c63c107301751d49e6a0637127b8d4521aed3500d68fb65addbebaa0727515411

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\3o4pebi0.default-release\sessionstore.jsonlz4

Filesize
3KB

MD5
e48882e3762412a1805b104c1e8228dd

SHA1
c7c3b5030ac166012d59700682e69d0c48380906

SHA256
22a14db0c585cd68d447b884d47a125a0a03083118c81c743246944a5a26b237

SHA512
968bb290fa43d42d6b09b77987d0e0b9ce26a3cb2e502c7955cf353c3c4217fff71e6f3b2063153529d2c40bb0c3007f5b20d7da5cc4b06efc21436c4cd483a7

Download Submit
C:\Users\Admin\Downloads\test.exe

Filesize
72KB

MD5
3addba61a314238fbc0ac29788dca927

SHA1
82889044696f32a99bd243133932495f1c78a551

SHA256
acc52ab6266596d57ae57594eee3d0dabc14730bf31254c45378d40c96dc844f

SHA512
000c3c33214352cfbbef698a1b56e227b47677ec088a3f451377191ed813cc4154112107dde02ee54b88c4741840ff646599adbfa8ddc58e40c6f344c5b07643

Download Submit
C:\Users\Admin\Downloads\test.exe

Filesize
72KB

MD5
3addba61a314238fbc0ac29788dca927

SHA1
82889044696f32a99bd243133932495f1c78a551

SHA256
acc52ab6266596d57ae57594eee3d0dabc14730bf31254c45378d40c96dc844f

SHA512
000c3c33214352cfbbef698a1b56e227b47677ec088a3f451377191ed813cc4154112107dde02ee54b88c4741840ff646599adbfa8ddc58e40c6f344c5b07643

Download Submit
C:\Users\Admin\Downloads\test.exe

Filesize
72KB

MD5
3addba61a314238fbc0ac29788dca927

SHA1
82889044696f32a99bd243133932495f1c78a551

SHA256
acc52ab6266596d57ae57594eee3d0dabc14730bf31254c45378d40c96dc844f

SHA512
000c3c33214352cfbbef698a1b56e227b47677ec088a3f451377191ed813cc4154112107dde02ee54b88c4741840ff646599adbfa8ddc58e40c6f344c5b07643

Download Submit
C:\Users\Admin\Downloads\test.exe

Filesize
72KB

MD5
3addba61a314238fbc0ac29788dca927

SHA1
82889044696f32a99bd243133932495f1c78a551

SHA256
acc52ab6266596d57ae57594eee3d0dabc14730bf31254c45378d40c96dc844f

SHA512
000c3c33214352cfbbef698a1b56e227b47677ec088a3f451377191ed813cc4154112107dde02ee54b88c4741840ff646599adbfa8ddc58e40c6f344c5b07643

Download Submit
C:\Users\Admin\Downloads\test.uHF60yUY.exe.part

Filesize
72KB

MD5
3addba61a314238fbc0ac29788dca927

SHA1
82889044696f32a99bd243133932495f1c78a551

SHA256
acc52ab6266596d57ae57594eee3d0dabc14730bf31254c45378d40c96dc844f

SHA512
000c3c33214352cfbbef698a1b56e227b47677ec088a3f451377191ed813cc4154112107dde02ee54b88c4741840ff646599adbfa8ddc58e40c6f344c5b07643

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
memory/5324-7330-0x0000000000660000-0x0000000000661000-memory.dmp

Filesize
4KB

Download
memory/5568-8199-0x00000266A0F60000-0x00000266A0F82000-memory.dmp

Filesize
136KB

Download
memory/5568-8209-0x00000266B93C0000-0x00000266B93D0000-memory.dmp

Filesize
64KB

Download
memory/5568-8210-0x00000266B93C0000-0x00000266B93D0000-memory.dmp

Filesize
64KB

Download
memory/5568-8211-0x00000266B9810000-0x00000266B9854000-memory.dmp

Filesize
272KB

Download
memory/5568-8212-0x00000266B9860000-0x00000266B98D6000-memory.dmp

Filesize
472KB

Download
memory/5568-8214-0x00000266B93C0000-0x00000266B93D0000-memory.dmp

Filesize
64KB

Download
memory/5568-8215-0x00000266B93C0000-0x00000266B93D0000-memory.dmp

Filesize
64KB

Download