hxxp://pub-e14e9ce4e7354b17b733f97efb197185[.]r2[.]dev/www[.]outlook[.]office365[.]com[.]owawxMmYwLWNlMzct&esource=00000002-0000-0ff1-ce00-0000000000000000u[.]html#Z2VvcmdlX3NpbHZhQG1hbnVsaWZlLmNvbQ==

Analysis

max time kernel
89s
max time network
91s
platform
windows10-2004_x64
resource
win10v2004-20230915-en
resource tags

arch:x64arch:x86image:win10v2004-20230915-enlocale:en-usos:windows10-2004-x64system
submitted
20/09/2023, 14:47

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pub-e14e9ce4e7354b17b733f97efb197185.r2.dev/www.outlook.office365.com.owawxMmYwLWNlMzct&esource=00000002-0000-0ff1-ce00-0000000000000000u.html#Z2VvcmdlX3NpbHZhQG1hbnVsaWZlLmNvbQ==

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 6 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133396949119580758"	chrome.exe

Suspicious behavior: EnumeratesProcesses 8 IoCs

pid	Process
3796	msedge.exe
3796	msedge.exe
1552	msedge.exe
1552	msedge.exe
4152	identity_helper.exe
4152	identity_helper.exe
1224	chrome.exe
1224	chrome.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeDebugPrivilege	6140	firefox.exe
Token: SeDebugPrivilege	6140	firefox.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe
Token: SeShutdownPrivilege	1224	chrome.exe
Token: SeCreatePagefilePrivilege	1224	chrome.exe

Suspicious use of FindShellTrayWindow 55 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe

Suspicious use of SendNotifyMessage 51 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1552	msedge.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
1224	chrome.exe
6140	firefox.exe
6140	firefox.exe
6140	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
6140	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1552 wrote to memory of 5024	1552	msedge.exe	74
PID 1552 wrote to memory of 5024	1552	msedge.exe	74
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3276	1552	msedge.exe	86
PID 1552 wrote to memory of 3796	1552	msedge.exe	85
PID 1552 wrote to memory of 3796	1552	msedge.exe	85
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87
PID 1552 wrote to memory of 852	1552	msedge.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pub-e14e9ce4e7354b17b733f97efb197185.r2.dev/www.outlook.office365.com.owawxMmYwLWNlMzct&esource=00000002-0000-0ff1-ce00-0000000000000000u.html#Z2VvcmdlX3NpbHZhQG1hbnVsaWZlLmNvbQ==
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1552
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xdc,0x108,0x7ffae21346f8,0x7ffae2134708,0x7ffae2134718
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2316 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3796
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2248 /prefetch:2
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2892 /prefetch:8
  2⤵
  PID:852
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3528 /prefetch:1
  2⤵
  PID:3692
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3580 /prefetch:1
  2⤵
  PID:1540
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:1092
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5396 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5440 /prefetch:1
  2⤵
  PID:3908
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4900 /prefetch:1
  2⤵
  PID:3572
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
  2⤵
  PID:4284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2244,3109367058749975239,2611270378201805665,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=3836 /prefetch:8
  2⤵
  PID:4912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1216

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4948

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:1224
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffad01f9758,0x7ffad01f9768,0x7ffad01f9778
  2⤵
  PID:4100
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1780 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:2
  2⤵
  PID:2788
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:8
  2⤵
  PID:4220
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2252 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:8
  2⤵
  PID:3264
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3272 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:1
  2⤵
  PID:5256
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3260 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4708 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:1
  2⤵
  PID:5548
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:8
  2⤵
  PID:5584
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4980 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:8
  2⤵
  PID:5600
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=4948 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:1
  2⤵
  PID:5748
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3464 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:8
  2⤵
  PID:5952
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4520 --field-trial-handle=1888,i,1460023097275653868,7602234381523829704,131072 /prefetch:8
  2⤵
  PID:6028

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:5312

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:6128
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:6140
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.0.1294267458\458684858" -parentBuildID 20221007134813 -prefsHandle 1884 -prefMapHandle 1876 -prefsLen 20938 -prefMapSize 232675 -appDir "C:\Program Files\Mozilla Firefox\browser" - {afa2f66d-0600-4f79-bde3-111de27697b0} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 1980 23ad22d7158 gpu
    3⤵
    PID:5260
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.1.1281233794\279759156" -parentBuildID 20221007134813 -prefsHandle 2412 -prefMapHandle 2404 -prefsLen 20974 -prefMapSize 232675 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8e5c1e3c-cc2e-485f-a1fe-871de7f7911b} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 2424 23ac56e5b58 socket
    3⤵
    PID:5572
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.2.1610486264\809313639" -childID 1 -isForBrowser -prefsHandle 3112 -prefMapHandle 3108 -prefsLen 21012 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a9955e78-cc35-47e7-bcdc-cae260c3f7e5} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 3124 23ad60be358 tab
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.3.344383722\955142518" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 26437 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {708b3371-3fff-4a75-822e-b807465253a0} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 3588 23ad4a7fd58 tab
    3⤵
    PID:4468
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.4.663290093\621406028" -childID 3 -isForBrowser -prefsHandle 4356 -prefMapHandle 4556 -prefsLen 26496 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {32aaf068-61df-4f9e-a628-0e8deec67957} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 4720 23ad8320258 tab
    3⤵
    PID:5888
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.5.196333671\2118694049" -childID 4 -isForBrowser -prefsHandle 5100 -prefMapHandle 4996 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34cfe41-42f4-499d-b06a-d1f7c92909f4} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 5116 23ad4a98258 tab
    3⤵
    PID:6348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.7.356153023\1348627932" -childID 6 -isForBrowser -prefsHandle 5460 -prefMapHandle 5144 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {632690ca-250f-4d6c-9be2-78188f9a6982} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 5448 23ad61c9558 tab
    3⤵
    PID:6380
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.6.2097451260\1271278846" -childID 5 -isForBrowser -prefsHandle 5264 -prefMapHandle 5268 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b9f1a81-9692-47cf-b8f7-4a365fce7c28} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 5256 23ad4a98b58 tab
    3⤵
    PID:6372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="6140.8.1527608596\938447597" -childID 7 -isForBrowser -prefsHandle 5792 -prefMapHandle 5776 -prefsLen 26656 -prefMapSize 232675 -jsInitHandle 1088 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f508d159-fb2e-4cda-be3d-8a0451b42ac1} 6140 "\\.\pipe\gecko-crash-server-pipe.6140" 5800 23ad9239458 tab
    3⤵
    PID:6724

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

Filesize
371B

MD5
654e0bda776ab161d84718202a70fbf2

SHA1
08ea3aabb2742740897f5ca6b4f0bcaa9b1aab3a

SHA256
deb2d9bd4ea8b7f54c4ac38414917f788665829048502052212176aecce9b0b0

SHA512
6c5e686cb5d8d757bdcda1febdee84a5aa77550425e73564bec5465689fede9c67a0e2930b2e2d8ce4780891421cc166f9af2e7666b4b146a51c93eee5d6d570

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
87442ddc2485ac062880f17df15fc9ab

SHA1
cf19bc599746aede518bd93ded8bea13772e05e4

SHA256
bd928e35d6fdc4bcd6fe80895f5b7d746885cc75fdd7ef22ebde005adcc1afc8

SHA512
858aaa76bba7a8e48957ade710e21cdf4e1c7199aa66673ea7860263beb133da6835d7e9aec34567ac98f39b679a28bd39f354eac59f3f8a758a6b0549bcce03

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
5KB

MD5
032f343d8bdd142fc002e4350c2fdc5f

SHA1
468e7aa062564b082d3f5008222e42582d0b4acd

SHA256
5e81a606afdcbdc72ad7ea71964df1468509bee60aab6761bb3fa8ee5893dfd8

SHA512
b88ac65dcbd345d43715a397c665f588bf2be36cc0701db6d06bf6ac8bd3f35844e7be5c36e9cd19e1c81eba1aa32330aa1c7814092437fcf37663e8def979eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
199KB

MD5
038fffc1aec7d6b0da5ac34f31957151

SHA1
0d815076a40ba0285901c0be318b495eb2fbdd8d

SHA256
0af53bffa2a7ca24c8b2e3c12260e51d957bafec664bb0acc5eff8e84853f246

SHA512
7291b862851791d67f88f8cdc9caad3171c62098c88cd883a6c910b517bc58d776a1cc1bb3d5a17ffeb31c2725b01c61169f1da37f9ee99c3a19fbf002e07b99

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3d8f4eadb68a3e3d1bf2fa3006af5510

SHA1
d5d8239ec8a3bf5dadf52360350251d90d9e0142

SHA256
85a80218f4e5b578993436a6b8066b60508dd85a09579a4cb6757c2f9550d96c

SHA512
554773c4edd8456efaa23ac24970af5441e307424de3d2f41539c2cf854d57e7f725bf0c9986347fd3f2ff43efc8f69fd73c5d773bbfd504a99daca2b272a554

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
482B

MD5
77cf31f8d3e241f1b453c923b4866d1c

SHA1
c6dd7faf5b3e2952fa87ece3acfe1b03bf3e37c3

SHA256
8e4575fe288d2e9f9e0d0756c2272b22958068c1ca4c81f5c94374c6389aed42

SHA512
ed6755f76750ac3cfd7e46a0700fcbd1c75d8b348777409abae4a0d97b43749026a1677518e27c7899575bef8f09cec1bc1a7c56e88a37f66c7fe1f1959e55ab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
993188a1f23058e923da2e9ecbd9448d

SHA1
8c36c5b838a50032c8805c52751b6fe80d405799

SHA256
b62cb59f092b33f8deb1dcc1e4f90ad1090e21adb1d74da5c1740dbf10fc898a

SHA512
43bb0960f063e2b75a3e29a9f0e73ecf872cd16be042c060d96f3c2c4a6e964ef67757ce0b63c03ff942cf0ce63afeffd33d3e268bdd0af833376406b7e705c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
042c2de68477a29d54fde3c5d6122744

SHA1
d726c9f2466fa1ce5a17db5f489a8bed385c1f6a

SHA256
438d57a9626e977b2d1ff78713b0b9ae260b1b95b03a351ddbd9b780efa2e1c9

SHA512
5a8d789c91a600b3d35d35720ab0b9dc5a0055483706c7f3b7d8a1ed13c9b4930ee15bbf5cb69a97847cc9277af7add2b6b1c821798a6ad1b128f54672c7f0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
c01154feac91603069422944eb63ad0a

SHA1
19f08a1e3da89449e9018018e8bd6c942f949994

SHA256
898b5e930b367cbdb5668f6d6598465c792e7c120fd22499f553dfe5f4140692

SHA512
1a918ede3caa813b0e7acbdce56ba3c718f6e458053e12e41660e724c4c678c270508bf9d58a52e7be770337fcfa1272d692c2dfc1bac94165d692e18b6513e1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
24KB

MD5
d985875547ce8936a14b00d1e571365f

SHA1
040d8e5bd318357941fca03b49f66a1470824cb3

SHA256
8455a012296a7f4b10ade39e1300cda1b04fd0fc1832ffc043e66f48c6aecfbf

SHA512
ca31d3d6c44d52a1f817731da2e7ac98402cd19eeb4b48906950a2f22f961c8b1f665c3eaa62bf73cd44eb94ea377f7e2ceff9ef682a543771344dab9dbf5a38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
143e1cd7d618b541a1bc11db5b365c53

SHA1
dc14d2014ef9b69e1670210156ebfd5ae32fc16a

SHA256
742cd1204e223ca61b6608bf34b02e692ad12412d96507f87e2256ae3a4513c8

SHA512
13624d5ee4dc7f5f425a9b1aadd356709051136c8f4452e43205b61ec680fdcbbfdf8d2e98e8fe26c83beb6979a32390098da8ae4bcccc47f7348122d41b46f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
bd717c15d097a82efd62f8bc09a815aa

SHA1
1089e0a6d4f1319267fe178ae862ae925c75a77b

SHA256
0c890d216d0b9aeaaa8e072ff761b38d3ffed318f7442a8aa07933f5d7fd7907

SHA512
1b3a8b3bf51666d2e6367aa770277b98ee0446586909dd963ef43fff98a01a2764c43e83bff6badaf5a14223c3627a6941f45e7378e3b5e2472da82ec67eb83e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
03aa6010d5cc620f69a069eb9548a755

SHA1
b3e2a59698b3ffe4be33dc4a307657926893efb2

SHA256
7411ebc94d135866bf7fa888c0b1ffc7c69aeeea8627c84fd14428f9824621a5

SHA512
10b0db86e07450389149e35d755066aa8317db03f161c0b379cb1911fd841306e69d8410796a36f06ce38df6a98948847530888b8231a827c37991547bcff762

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
cbf54502be80a1aca4f0ca00fe10ef65

SHA1
77aa6d5e45d04df1297ec1afd74d122e079367c1

SHA256
9d037c1ebdb54ebafd710133963f0b53fad020bc7428e0adc7f41993a52e31da

SHA512
b513c59dd2695cc79cdf0a97b91329e443d0728c59e4e88f583e45dd11787c847723d59f7d1ccf381fe547e44f4554d0d348b367a952563eae79ddd3873a0ae6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\activity-stream.discovery_stream.json.tmp

Filesize
22KB

MD5
7e5b00c4ac6583ac7233aa52690d3675

SHA1
175f23de541e4dbacefc644617f804e0a53fc3f9

SHA256
5a2773994542d548c20124ffffe7fd044dfb4b31dc076b27a7bc626695cb6519

SHA512
4af2195b259bdf855a4d73da43e55514cf27eaf4e9f6de04775d6c29ec7a7547e0f81360eaa49dbf01703d528015290cc39d24766d008661e1a6650ed7ffa7bc

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\cache2\entries\58A756A796A86993036E1F0F79183245EE2ABF58

Filesize
13KB

MD5
fbb63c6b106c0fad427b39fe67be1157

SHA1
2b783ee12aaa9ec9993ce5dce3c02b7493fae695

SHA256
9aba41ee48c70d25c468f7e397669acb26f71d0d654b501e12c7627d55effed6

SHA512
6daa90c3f2d5ffb8c8e35982a4d7eb6a75d33da9489870397600948f962a81170c6e68e1c2bc5d6b0e5729dc43c5956bd1c4fa0010955cad32300b01ce14d42a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\thumbnails\dcdba5f195385f3c514272068990c7dd.png

Filesize
1KB

MD5
a4e3dec615867334fc01bb2b71796edb

SHA1
6ca3970f02d7ab704f5b82849c2f9163a9bdb9e1

SHA256
5fa0608bb3291da5006676cc5880c90c3d591c29e0f96ffad8a35cc961522560

SHA512
ff4192657fc611ae0938c3962a541eac877a66d372924a8df62aa8e99f6be4431c6b706df232aff96269746a448fa8a23e7d1c8a9d809d74782baa78a0af62e7

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

Filesize
8KB

MD5
ba9d0cbae0fd5e73bc2559c32986011b

SHA1
7829be79220cbcecd84210c52e6deaff704df860

SHA256
aa5ae926e90ea655dd605c08f079b596cf845caabf687db074b6544c2b3faa77

SHA512
4e9e8313fc5630b98811251119b445f5f03fe5034b2f29b2fbca12d944816f3523242102000069e7bdb9ac9a7722c194a1e4e327e98471bdcc5481f813281dc5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

Filesize
6KB

MD5
04b44c74a8349c9c756620061d6466bb

SHA1
874bd39016cc4188fd30d63517d43a9a629287a2

SHA256
1ff270c0b648bdd50c8c55bb1212961b66443f0f1a958813bb543336efa63e82

SHA512
9da5e53557662b8c6b84e7e9c2b01f8f8230e34fa11dafff5e969bf9e49af6459117c40b11fc28767037e6eb6e670888c8c0d07de22a4d9c88528ab74b03fb3e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs-1.js

Filesize
7KB

MD5
d7f83b14add88d38c4de62b998cc3ac5

SHA1
eff08686c63bafcc8b3717e1f88b854326e8520a

SHA256
c659b2c2287b40066a433d4c8780f69c9cab3ab25d6ed3f1c1656dcf54d28f7d

SHA512
91f0d2e223f0918b4f0b35b516da9f95de9e8b03d2f9ef79dfc57bb37b66e8c7b5a39f85ae4d5b330eac1cec49a48572711a1a882c6b528e1c61006f62bde890

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\prefs.js

Filesize
6KB

MD5
d00a58fe02fafec8b912e152e94e7a83

SHA1
687f358445f194a3844bf739e9c7b2de54cc29fe

SHA256
179d3141dee5307599706c6f1d30962356c95a4b30d0239d9af0f193ac548ab0

SHA512
af2667790d8da2adcfe8cb2ea29ae7a8b7130f0830f91f585dfdb5816c1f254dfe29561865834734bb52bc2d3fd645381803eba348b23abac761712ee14a4045

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ab8c7c717a881f2fda705218a6933b6d

SHA1
65adfabaff9e915709e267f3abb130d7be0572cf

SHA256
a22fb0f0bed5b0150fc5b1ba6a28d15bb6dc628e6264cd9268b91ebdfa84bbd4

SHA512
c0e25e7e20b6eb4f7e87a6d954b37650e212023dfa636efb6fffcb3319b494cba020a5ef98be5356d9ff80ea69bf003e2eb22cac75b7b9b1c931901c34229d1b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\t9nv4f6k.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
83f622150bf0da87c518a836b2e40c9c

SHA1
9efbefe7e937582c6f44a7553e96687083d6d3e6

SHA256
7b55efaa0ed56f391e105a0668ccc156e6e00edabeb4ec132d89e081779608d6

SHA512
23d6f8d92c810e9dd0bd293014de06df7cfea7565b425652a290a176993eb81697c8b961dc804331ba5457591ab019dbba61f155b19b42b0e8bece64ef097faa

Download Submit