55b9b84b92f84863d337b1005bdc4630690037ca89d74229b21f3387be1e26a1

Analysis

max time kernel
149s
max time network
150s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
12/03/2024, 21:45

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

CV html/Home.html
Size

2KB
MD5

e432e8b66df88744dcbd538cfd25728e
SHA1

4930f7ec5ee314c310fc796152a03da2d3d7d2b7
SHA256

51fb1cf3ad4a13e61d33602c0f9598621eb182d4539b02a4d40a76d03446c771
SHA512

08b52b7edfee59b3614b8ceaa7669141a397eaa67568bbcd981ce2b72cbe5e751d144b71e560341277305f1b975cb704bcca201a776ac3ffd8065463565a77a2

Score

4^/10

Malware Config

Signatures

Drops file in Windows directory 4 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Panther\UnattendGC\setuperr.log	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagerr.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\diagwrn.xml	UserOOBEBroker.exe
File opened for modification	C:\Windows\Panther\UnattendGC\setupact.log	UserOOBEBroker.exe

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	AcroRd32.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	AcroRd32.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000\SOFTWARE\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BROWSER_EMULATION	AcroRd32.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings\MuiCache	MiniSearchHost.exe
Key created	\REGISTRY\USER\S-1-5-21-2930051783-2551506282-3430162621-1000_Classes\Local Settings	firefox.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
2456	msedge.exe
2456	msedge.exe
1156	msedge.exe
1156	msedge.exe
2176	msedge.exe
2176	msedge.exe
2116	identity_helper.exe
2116	identity_helper.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe
468	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 11 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4532	firefox.exe
Token: SeDebugPrivilege	4532	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
4532	firefox.exe
4532	firefox.exe
4532	firefox.exe
4532	firefox.exe

Suspicious use of SendNotifyMessage 15 IoCs

pid	Process
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
1156	msedge.exe
4532	firefox.exe
4532	firefox.exe
4532	firefox.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
4100	MiniSearchHost.exe
4532	firefox.exe
3524	AcroRd32.exe
3524	AcroRd32.exe
3524	AcroRd32.exe
3524	AcroRd32.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 3560	1156	msedge.exe	77
PID 1156 wrote to memory of 3560	1156	msedge.exe	77
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2460	1156	msedge.exe	78
PID 1156 wrote to memory of 2456	1156	msedge.exe	79
PID 1156 wrote to memory of 2456	1156	msedge.exe	79
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80
PID 1156 wrote to memory of 4488	1156	msedge.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\CV html\Home.html
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7ffce2eb3cb8,0x7ffce2eb3cc8,0x7ffce2eb3cd8
  2⤵
  PID:3560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1956 /prefetch:2
  2⤵
  PID:2460
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2456
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2720 /prefetch:8
  2⤵
  PID:4488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3204 /prefetch:1
  2⤵
  PID:4832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3228 /prefetch:1
  2⤵
  PID:676
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5116 /prefetch:1
  2⤵
  PID:5024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5576 /prefetch:1
  2⤵
  PID:1196
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5208 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2176
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5704 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5380 /prefetch:1
  2⤵
  PID:1660
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3032 /prefetch:1
  2⤵
  PID:2780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
  2⤵
  PID:1436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2692 /prefetch:1
  2⤵
  PID:4696
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4796 /prefetch:1
  2⤵
  PID:584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5460 /prefetch:1
  2⤵
  PID:4576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5152 /prefetch:1
  2⤵
  PID:4904
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1932,15463802556801992326,8234966628677375557,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=4872 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:468

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:584

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1904

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1196

C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe
"C:\Windows\SystemApps\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\MiniSearchHost.exe" -ServerName:MiniSearchUI.AppXj3y73at8fy1htwztzxs68sxx1v7cksp7.mca
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4568
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4532
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4532.0.1396606430\409118049" -parentBuildID 20221007134813 -prefsHandle 1748 -prefMapHandle 1740 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7e66f66c-8ce8-4fed-aefe-bef97a178beb} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" 1840 1b1dd2d8158 gpu
    3⤵
    PID:1224
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4532.1.1356859324\2133873658" -parentBuildID 20221007134813 -prefsHandle 2196 -prefMapHandle 2192 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {40260993-da5b-4828-a529-f2b115b265c0} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" 2216 1b1d1271f58 socket
    3⤵
    - Checks processor information in registry
    PID:5156
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4532.2.42118159\736509451" -childID 1 -isForBrowser -prefsHandle 2988 -prefMapHandle 2852 -prefsLen 20886 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5cdb094a-5ca4-49c2-b2bd-24abfb2578e2} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" 2796 1b1dd263558 tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4532.3.1051866020\753825041" -childID 2 -isForBrowser -prefsHandle 1284 -prefMapHandle 2368 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6e121c41-66f7-4bb3-8ae5-0fb828a51bef} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" 3552 1b1e330c358 tab
    3⤵
    PID:5600
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4532.4.1913071564\129611279" -childID 3 -isForBrowser -prefsHandle 4712 -prefMapHandle 4716 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1356 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2a8cc02a-3cd5-4a36-9c9a-db7655acfeec} 4532 "\\.\pipe\gecko-crash-server-pipe.4532" 4700 1b1e4735e58 tab
    3⤵
    PID:6084

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
1⤵
PID:5656

C:\Windows\System32\oobe\UserOOBEBroker.exe
C:\Windows\System32\oobe\UserOOBEBroker.exe -Embedding
1⤵
- Drops file in Windows directory
PID:5528

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:5752

C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\18.151.0729.0013\FileCoAuth.exe -Embedding
1⤵
PID:2332

C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe
"C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32.exe"
1⤵
- Checks processor information in registry
- Modifies Internet Explorer settings
- Suspicious use of SetWindowsHookEx
PID:3524
- C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
  "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --backgroundcolor=16514043
  2⤵
  PID:4048
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=A37534525D578C532DF17587BB641592 --mojo-platform-channel-handle=1768 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5696
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=renderer --disable-browser-side-navigation --disable-gpu-compositing --service-pipe-token=1249277AE4AB3E06C31B5044931DB38F --lang=en-US --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --enable-pinch --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --enable-gpu-async-worker-context --content-image-texture-target=0,0,3553;0,1,3553;0,2,3553;0,3,3553;0,4,3553;0,5,3553;0,6,3553;0,7,3553;0,8,3553;0,9,3553;0,10,3553;0,11,3553;0,12,3553;0,13,3553;0,14,3553;0,15,3553;0,16,3553;0,17,3553;0,18,3553;1,0,3553;1,1,3553;1,2,3553;1,3,3553;1,4,3553;1,5,3553;1,6,3553;1,7,3553;1,8,3553;1,9,3553;1,10,3553;1,11,3553;1,12,3553;1,13,3553;1,14,3553;1,15,3553;1,16,3553;1,17,3553;1,18,3553;2,0,3553;2,1,3553;2,2,3553;2,3,3553;2,4,3553;2,5,3553;2,6,3553;2,7,3553;2,8,3553;2,9,3553;2,10,3553;2,11,3553;2,12,3553;2,13,3553;2,14,3553;2,15,3553;2,16,3553;2,17,3553;2,18,3553;3,0,3553;3,1,3553;3,2,3553;3,3,3553;3,4,3553;3,5,3553;3,6,3553;3,7,3553;3,8,3553;3,9,3553;3,10,3553;3,11,3553;3,12,3553;3,13,3553;3,14,3553;3,15,3553;3,16,3553;3,17,3553;3,18,3553;4,0,3553;4,1,3553;4,2,3553;4,3,3553;4,4,3553;4,5,3553;4,6,3553;4,7,3553;4,8,3553;4,9,3553;4,10,3553;4,11,3553;4,12,3553;4,13,3553;4,14,3553;4,15,3553;4,16,3553;4,17,3553;4,18,3553;5,0,3553;5,1,3553;5,2,3553;5,3,3553;5,4,3553;5,5,3553;5,6,3553;5,7,3553;5,8,3553;5,9,3553;5,10,3553;5,11,3553;5,12,3553;5,13,3553;5,14,3553;5,15,3553;5,16,3553;5,17,3553;5,18,3553;6,0,3553;6,1,3553;6,2,3553;6,3,3553;6,4,3553;6,5,3553;6,6,3553;6,7,3553;6,8,3553;6,9,3553;6,10,3553;6,11,3553;6,12,3553;6,13,3553;6,14,3553;6,15,3553;6,16,3553;6,17,3553;6,18,3553 --disable-accelerated-video-decode --service-request-channel-token=1249277AE4AB3E06C31B5044931DB38F --renderer-client-id=2 --mojo-platform-channel-handle=1780 --allow-no-sandbox-job /prefetch:1
    3⤵
    PID:5292
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=389C5801ADB704C3C28BE40C1CE11F8D --mojo-platform-channel-handle=2324 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:5668
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=75C7D0B8F1A84DB69A627DA7FE148722 --mojo-platform-channel-handle=1964 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:3712
- - C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe
    "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\RdrCEF.exe" --type=gpu-process --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --gpu-preferences=GAAAAAAAAAAAB4AAAQAAAAAAAAAAAGAA --use-gl=swiftshader-webgl --gpu-vendor-id=0x1234 --gpu-device-id=0x1111 --gpu-driver-vendor="Google Inc." --gpu-driver-version=3.3.0.2 --gpu-driver-date=2017/04/07 --disable-pack-loading --lang=en-US --log-file="C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroCEF\debug.log" --log-severity=disable --product-version="ReaderServices/19.10.20064 Chrome/64.0.3282.119" --service-request-channel-token=02AD2439C638360768DF489323C1B715 --mojo-platform-channel-handle=1772 --allow-no-sandbox-job --ignored=" --type=renderer " /prefetch:2
    3⤵
    PID:4532

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
96899614360333c9904499393c6e3d75

SHA1
bbfa17cf8df01c266323965735f00f0e9e04cd34

SHA256
486e4b4bb11f664c91c675e73cfeabe53b5009ae719459813be17814cd97e43c

SHA512
974735b40a9f92b40a37a698f7f333590f32ff45633c6e619500e74ec274bc20bf7dbc830b1685777b714d37a3ca103d741ee056f4ff45ef08c07b38a7895df7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
19a8bcb40a17253313345edd2a0da1e7

SHA1
86fac74b5bbc59e910248caebd1176a48a46d72e

SHA256
b8024fbed11683ef4b53f5afac0ff691025b7eecca0f6a95737da1585558227e

SHA512
9f8780f49d30aad01b28189804329aeca6ad2b7ffb6be505d40bb1af7802bb62622f518cb1c43a5815bbbb46638f6c52aead3d68f14fa957d18157edb42e95c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\41f0d197-8e9d-476a-8795-f80f116e1586.tmp

Filesize
5KB

MD5
63a401800edf819a0259059f8c69d4eb

SHA1
fceb74a9080d9d507cf6bfc6bb0f9ffc5a1b9253

SHA256
a61913f839819ae110457afaef9cc6250749bdd9378a7ac5aebf8ff4373cd1bd

SHA512
fe07e98a65936dc104897a1a568cb5d71e105377712d4e97e0d274724d4fbe5640ee4564176aa5b6d0fe6ad502f5c9181548eef59145f30a651a2429ecdc083e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\91b0d85e-20e4-4dac-9677-a23f48755d48.tmp

Filesize
6KB

MD5
33dcaf559b78b0ba5ea3daf31d43e429

SHA1
8ae513497130c9d95992071904fb38a3c6943ff2

SHA256
61126fc144935403c56ccb44510b44df50377bc20dac6e6b49fdc96f72cf135f

SHA512
72444be66e530545feb0701f6ef24545bfe61dea849aa36a21a185adddcd3648bf8e4535695475cf030917dc0cd6613fe3ef90315c534ba1fa3f507c855eeafd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
b9ac91ea0b58b16b0900853d2291e09a

SHA1
0677375340e21ef155e53e5fc77efb923a718b02

SHA256
48c39550827d3f411b652d4746ebf8216e3ef08181d9917a2d0ac0d0ec1b6b84

SHA512
6090d658a2fbd62c9b8425d3cb2d638895dbbc9f1b19f98dbad6d72c1a20ef860db22604d6fe0dfbdea094176c5ca4d7314b6624a850c8ab3de0305def9644b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
285252a2f6327d41eab203dc2f402c67

SHA1
acedb7ba5fbc3ce914a8bf386a6f72ca7baa33c6

SHA256
5dfc321417fc31359f23320ea68014ebfd793c5bbed55f77dab4180bbd4a2026

SHA512
11ce7cb484fee66894e63c31db0d6b7ef66ad0327d4e7e2eb85f3bcc2e836a3a522c68d681e84542e471e54f765e091efe1ee4065641b0299b15613eb32dcc0d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
af0624f0a6abfe070e6d01865a78badd

SHA1
84e983acd6ae96e3823da9ddc792a0f328c0c816

SHA256
3fd3c23cf118eafd7bdca2a44d8cbbde8c53f463b756593ffd2bb3d175737287

SHA512
fe884024eb9d0c44a9ec82b7de1154638c81f4215b1f961827a5421b4b4c53c48f07aefbef66ffd8cb0fd72d86a8cb7e77e0a969e0585b29ad4641af52f1aab9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
2KB

MD5
71cf35e75b607bc2c7939c7672534f91

SHA1
7cc90189c4644cb3a7e11e7ebab945f4b74097d0

SHA256
09c83e201b66921182ce859c9edfbc7433a558cdf9f6989dac18b77b67dff844

SHA512
18f1ab90a2a4e27205282f8aa22c18adb95684da59bbd2d6ff136aa9fed3de8f9d0720ef78dbe106c2cdbbb527ac8ab23b5d9d018c3fefe1f23dcdbc2baf06bf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
e043295b0a4a5d5b6ecd8823f08a2c24

SHA1
14384f53d4f94033db8bb2d67442e25b9787b520

SHA256
67dcf0a0a542d437d5181f4f611dac939d5d305052235b5af6622fc9f22df4af

SHA512
372988ba3f722ccaea3fd4d79a5b043cb2dd66fba31c55ce49f084c6e7074e0588629acf30c034e70cce3fb12d0622b2425f09c92a265edefbc40ac164e717fc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
8bf0042f3d42de486ce0221d2285a6cf

SHA1
5ae119f89a97d7322884bc60f44b3ee7664b5150

SHA256
a41886eadc75410342e50abe187267621492162160644d3e920ec1f8b37d216f

SHA512
20758ca686c429522afe86d4cd80f4c453c8e7e4e97bb02e8f2460cf7811832acd2736bf0a61280d60934d944ccbf637684910dbc4536f26d70302d08b226e9e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
96B

MD5
509f4e97f377c95230e9900518b38c29

SHA1
3f50a05cdfa6e86ed952ee66003f8ff467dbec00

SHA256
4ae9867b396d21089373e9316f31e41a76b87cc9547de6c7711fdaab0a1b08df

SHA512
f09a7e9df80a49309c04a9e9b229aa5dc9cd523381e99c69b97e3b1fe2b14cb2100f9d8f38e8c78d5bf981d7965e867fd8e0c805e04759c3a70eb9e608ea1b11

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe57f0e8.TMP

Filesize
48B

MD5
a083a4ed96cd5c791758af781ae1c11e

SHA1
18a32485dfc1d2793960592a311d2ca3e530ee4d

SHA256
b627f14db70a0b92cc398d4d61c9088a9ef0476ff012e2d191c5b8eb36566ba2

SHA512
5f9c46888573272ef11e49ed5389c68f29fbdc9db8d120b737711aecc980cf2e5292b8fc65af3c5b9766232e0b12e93c7ffaa23e989a5c159035d92da52c877a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
c4ce59c81d40967e40caa672a8093edf

SHA1
305ac7b64fb0287e9122d609f084d728bf904a5a

SHA256
dd85b2f01e12b6fcd8bc8497ed5cd3be4b36aa0140ca1cfabc83fc3b0ebaf166

SHA512
eac5511f3687d57f0892753ba5d263166f1d6747b86b6f3f861451f81978e37f176ac4276cc9a7f9e9e3e82b94493b4ee3cbd7087b51650d673dcebd40f8baad

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\bf82fe75-dfac-4afe-b646-339ed9cb79df.tmp

Filesize
11KB

MD5
83ee3767fcbd227dfdb90d5e8e8d8476

SHA1
be47300999b67b24e857578fa43026da54e89b62

SHA256
4c3fbc62b302ca6e73341737a0560dedca5d390ad2b853c927408630d3d8231a

SHA512
c1755c5fd50777c4701239cf6569648d7c938d6f7de0281c5b0deea285ad5bd6ba8a5fbffdaca559dcf41ead8c58747b285bc1f5303253b158d13105c2308067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\OneDrive\logs\Common\FileCoAuth-2024-3-12.2147.5752.1.aodl

Filesize
706B

MD5
ad9982dd6ac09f9c987efd8226a7c96b

SHA1
d2a16d7870d1b5ca28f05d0a3860e41f6910cba9

SHA256
72fe98b28fc6756d1888b2d6bde04e99b03976d640c1e97cd1ed1ea3593eda45

SHA512
456ae141c28ee15a8236dc0490a455a9c9ecd12e1f0560ca2b01a5abd7902b13a4eb6162bb423f8485d84acec0aa725d91ec9f320b44bb637277577e90cebc0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\MicrosoftWindows.Client.CBS_cw5n1h2txyewy\TempState\SearchHoverUnifiedTileModelCache.dat

Filesize
10KB

MD5
eebfb84605e05222e3ad98f4b9f62db2

SHA1
36ddd440df5b2776281ad245a6a57e7a183c09a0

SHA256
4a9b70f7113d5c252937ad9bbfa110031124ffe3643648db3f944111b61bd559

SHA512
90e6f46d36c30783af4032f72beb58eb157849a8197e39945542da8a0c1313cb87e91f18a732f5718ec6a676fcd790458419bcc22c608824416fa6df14bf5ba6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
d1cab523779aa10f6b660844b3859832

SHA1
473342cc93f1534fd87a817f197f25d31696e0bf

SHA256
b5a9c42c1962cbbc12dd38b90da836d548e58856822feee6b682f26461931dd4

SHA512
3eb91e983bd8b35b5027d21584c72036d3935f3b29e086d6c223b208c1b1bf0d7512942aec9fad83a892b9c4b2568645a23076fd688985f8c7171bbce2c3b558

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
cc6af96c86ed919ca65db49f4cb3ff13

SHA1
3b70c09cbc42ef1b6c1032bf4b138455ec94130d

SHA256
4d36aab80c5ddb5d5b62072c1a39d80f2e7d1a1231daf438e1477a980308e96c

SHA512
10a8f758c3714e1d8f7340db0324b7e76dfc1eae0cc24257e2f40f2047e48b0d70e8e8137a1ddc3ad4d5866f35a4cdd9fc4f3286a8eeea3c3d7a6a45c277f04c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\3cdff4b9-165c-4f4d-88f2-f7b242f7225c

Filesize
11KB

MD5
3e86e0e0c3f27a5ff20f61ba8d5e9e96

SHA1
fedf1ab9a59ffcf67a99ae84ac1eaf44932e8968

SHA256
187034ff9a38c9e191d4af91104af27c0b42b8cb0201f98248a8710bf9f7b9a0

SHA512
b3ac8279f846f683ef00a51e427b83c29e460d9024fe8c8d8218522d757529bac5085ec9b577f0ad41ec1596fbf451dac139555819c20992db63f5ef81726532

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\datareporting\glean\pending_pings\e76cdd4a-be21-4bd2-b5b1-27aafa1b01bf

Filesize
746B

MD5
ab73bed7acb98acfb1ce7e9c5ec8223b

SHA1
50ac1fc1e390d432cfdb678961bd05d19b9b8de0

SHA256
ee45e48c7eaabc120dccca8fb271d5b4386bbc12484a4735c83f43b596ba4de6

SHA512
0ec82859f1986fe4d26e95cf889152f19f704f6df57f90abed12aaaad9b4909885abf378d0c64a4977d48197ff357f34e1a65c0af7b1bf7c9fb258c767a6b0f2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs-1.js

Filesize
6KB

MD5
5fdd0572ff4b4de30b093b0e53115e08

SHA1
00250a8413f8eb6b9e7597408f7ae6596b40946f

SHA256
86b83fc288d6707ec081b7f6a0bf32d8dad8d4b697107e912f26041e7cd37258

SHA512
c06d6a6f846a5b4070f98c522528245a5d171612b19cbe236a78dbbc4c17a0c92b302164865a5148fe20e7f6f11d4d968df723f26bca063006d9c0f4efc9630d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\prefs.js

Filesize
6KB

MD5
5d88ce022d9c12a03940f71f89943d2e

SHA1
bf61800f16f2d6efdd1eece50d80caf035684ced

SHA256
8f54ba3d125f0600ea44ed14ef7e26169433cf2b0f2d11b23d012b1f3067a9ff

SHA512
41e2eb87e2e67da409f17293905c699722e3f20d71efd87e0109ec6b4accbf76f595adb49fee21641d48fa563178da685c56ef91c2ddbe4d5945c3b24c8b6123

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\d8xutbrp.default-release\sessionstore.jsonlz4

Filesize
913B

MD5
182d760d869e4acd8f9d66fc9fc716b5

SHA1
1d23a70a67703c1e1400721a892d4e79e8b6f9d5

SHA256
4e417697fe1c8f2067e2e4a4956e9450fe7e8f36dc10e5ab3ba676a965c80fde

SHA512
0460cb60483bfea46a8c9b42a0e7b43066690f50d48202c846799c16f9a9c34e56ab225732c86730b9727aa13c9f9e3707499d204faa674c077dd5bc99c8272d

Download Submit