9e0da3d3bc35541329439c6e0ec64a27af93fd0d6236ceff9f0949a465fff8c9

Analysis

max time kernel
748s
max time network
736s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
29/03/2024, 09:58

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

testestestestetw/triage - Copy (3).exe
Size

1.2MB
MD5

08b8eb8dd9681bfd0050fa7e547e1fd9
SHA1

f810b716884668bbc554aae7914dd19f1c30c265
SHA256

e8fec48d4400319a802dcc42081e768ef0bf8ec965e65d95ec4502ea3c35ac6b
SHA512

d0fb222a0b356abce4f8489e953db9c9330e2446007eb002a7c7db3022f931fb22d5686da5749ea03504cffb241e21768512c9c6d20156fac32c81b0070c878f
SSDEEP

24576:bdofGAmSIQ177wZ+A7MjiiRDXU/Sat5RgsLSmIOHsU5zMmX1xYwncqKvGqU/:bdofGbSIQ177wZvYjiiRDXASat5RgsLn

Score

4^/10

Malware Config

Signatures

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\my\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\zh_TW\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\pt_PT\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\pa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ms\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\kk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\fr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\id\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\zh_HK\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ta\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ru\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\page_embed_script.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_metadata\verified_contents.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\bn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\gu\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\cs\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\tr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\th\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\mr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\kn\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\sv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\it\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\dasherSettingSchema.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\eventpage_bin_prod.js	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\hi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\lo\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\lt\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ka\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\vi\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ro\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\lv\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\be\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\es\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\af\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\pt_BR\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ur\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ja\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\128.png	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\et\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\te\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\fr_CA\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\no\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\is\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\manifest.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\uk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\hy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\de\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\am\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\cy\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\es_419\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ko\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\sk\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\sl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\da\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\fil\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\az\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\nl\messages.json	msedge.exe
File created	C:\Program Files\msedge_url_fetcher_4716_639455513\GHBMNNJOOEKPMOECNNNILNNBDLOLHKHI_1_75_4_0.crx	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\pl\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ml\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\fa\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\ca\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\hr\messages.json	msedge.exe
File created	C:\Program Files\chrome_Unpacker_BeginUnzipping4716_1528041891\_locales\mn\messages.json	msedge.exe

Checks processor information in registry 2 TTPs 5 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3808065738-1666277613-1125846146-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3808065738-1666277613-1125846146-1000\{1E5F339E-E44A-4E8B-906C-D01FCE6A4BFC}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\Mouse.Point.Viewer.v1.1.AnyCPU.zip:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe
5148	Mouse Point Viewer.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
3980	triage - Copy (3).exe

Suspicious use of AdjustPrivilegeToken 12 IoCs

description	pid	Process
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	5148	Mouse Point Viewer.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe
Token: SeDebugPrivilege	676	firefox.exe

Suspicious use of FindShellTrayWindow 7 IoCs

pid	Process
3980	triage - Copy (3).exe
676	firefox.exe
676	firefox.exe
676	firefox.exe
676	firefox.exe
3980	triage - Copy (3).exe
5148	Mouse Point Viewer.exe

Suspicious use of SendNotifyMessage 5 IoCs

pid	Process
3980	triage - Copy (3).exe
676	firefox.exe
676	firefox.exe
676	firefox.exe
3980	triage - Copy (3).exe

Suspicious use of SetWindowsHookEx 4 IoCs

pid	Process
676	firefox.exe
676	firefox.exe
676	firefox.exe
676	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 4392 wrote to memory of 676	4392	firefox.exe	97
PID 676 wrote to memory of 2440	676	firefox.exe	98
PID 676 wrote to memory of 2440	676	firefox.exe	98
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 3684	676	firefox.exe	99
PID 676 wrote to memory of 4416	676	firefox.exe	100
PID 676 wrote to memory of 4416	676	firefox.exe	100
PID 676 wrote to memory of 4416	676	firefox.exe	100

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (3).exe
"C:\Users\Admin\AppData\Local\Temp\testestestestetw\triage - Copy (3).exe"
1⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:3980

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4392
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.0.1699160170\1425923176" -parentBuildID 20221007134813 -prefsHandle 1900 -prefMapHandle 1892 -prefsLen 20749 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c6f6ae3c-8011-40ce-b4e3-f506ded3ccca} 676 "\\.\pipe\gecko-crash-server-pipe.676" 1980 196fd4d9a58 gpu
    3⤵
    PID:2440
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.1.1417665385\1495905542" -parentBuildID 20221007134813 -prefsHandle 2368 -prefMapHandle 2364 -prefsLen 20785 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {88d9299a-13b3-4b1d-9ff6-51af98dff30f} 676 "\\.\pipe\gecko-crash-server-pipe.676" 2380 196e9671c58 socket
    3⤵
    PID:3684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.2.1788686611\880812694" -childID 1 -isForBrowser -prefsHandle 3000 -prefMapHandle 2904 -prefsLen 20888 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ce729312-b72a-4c4e-be9b-600a37f2251c} 676 "\\.\pipe\gecko-crash-server-pipe.676" 3256 19682705258 tab
    3⤵
    PID:4416
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.3.1747160182\1595473241" -childID 2 -isForBrowser -prefsHandle 3604 -prefMapHandle 3600 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0b181bff-88ed-4903-96c6-eb43c875ee7e} 676 "\\.\pipe\gecko-crash-server-pipe.676" 3612 19682c83f58 tab
    3⤵
    PID:1776
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.4.326571732\529571842" -childID 3 -isForBrowser -prefsHandle 4072 -prefMapHandle 4068 -prefsLen 26066 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f1fc9332-09e2-4c8a-9c74-ead3b14f1507} 676 "\\.\pipe\gecko-crash-server-pipe.676" 4076 196835e5458 tab
    3⤵
    PID:884
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.5.636085215\69574924" -childID 4 -isForBrowser -prefsHandle 4756 -prefMapHandle 4640 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fc74b025-e34a-4d53-bbc5-7fc1fdb98853} 676 "\\.\pipe\gecko-crash-server-pipe.676" 4884 19684889158 tab
    3⤵
    PID:2964
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.6.489906129\1624671293" -childID 5 -isForBrowser -prefsHandle 5000 -prefMapHandle 5004 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {126c53e5-f3fd-4b69-9136-7293095a9056} 676 "\\.\pipe\gecko-crash-server-pipe.676" 5084 19684889a58 tab
    3⤵
    PID:3844
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.7.643778666\1637917586" -childID 6 -isForBrowser -prefsHandle 5188 -prefMapHandle 5192 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {760c376a-1147-40e4-a4a0-56df88e00f78} 676 "\\.\pipe\gecko-crash-server-pipe.676" 5284 19684889d58 tab
    3⤵
    PID:548
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.8.2027965409\808843653" -childID 7 -isForBrowser -prefsHandle 5724 -prefMapHandle 5752 -prefsLen 26206 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {18b0aac8-0190-4598-859a-1269a1ad5ffe} 676 "\\.\pipe\gecko-crash-server-pipe.676" 5704 196827bd358 tab
    3⤵
    PID:5788
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.9.1861177636\112403777" -parentBuildID 20221007134813 -prefsHandle 5600 -prefMapHandle 5944 -prefsLen 26206 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4c0f1d13-1c70-4588-9202-1c35baaf3225} 676 "\\.\pipe\gecko-crash-server-pipe.676" 2988 196808b8e58 rdd
    3⤵
    PID:5972
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.10.813741242\155793411" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 3160 -prefMapHandle 2992 -prefsLen 26206 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {58557208-2c31-4842-accf-a2a73667dbbc} 676 "\\.\pipe\gecko-crash-server-pipe.676" 3156 1968126b358 utility
    3⤵
    PID:5988
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.11.1818015764\1890837240" -childID 8 -isForBrowser -prefsHandle 3256 -prefMapHandle 1596 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e6825015-deb8-4cbc-adb3-e442cfb9eda8} 676 "\\.\pipe\gecko-crash-server-pipe.676" 4216 19685eaff58 tab
    3⤵
    PID:5068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.12.555507135\554046006" -childID 9 -isForBrowser -prefsHandle 10260 -prefMapHandle 10264 -prefsLen 26460 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0768c5d6-3f1d-4ffb-8bef-33a74305bafe} 676 "\\.\pipe\gecko-crash-server-pipe.676" 10284 196e965b258 tab
    3⤵
    PID:6108
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.13.948328156\791200646" -childID 10 -isForBrowser -prefsHandle 4672 -prefMapHandle 10008 -prefsLen 27463 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {011d9c0e-cd11-400b-902c-bc73dbb498d1} 676 "\\.\pipe\gecko-crash-server-pipe.676" 10092 19686242a58 tab
    3⤵
    PID:1976
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.14.151020237\815283260" -childID 11 -isForBrowser -prefsHandle 5908 -prefMapHandle 5844 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d8fff4b-5987-4a88-a3b4-f1bb0e3db25f} 676 "\\.\pipe\gecko-crash-server-pipe.676" 5824 196847b1758 tab
    3⤵
    PID:3216
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.15.1148066701\1585590242" -childID 12 -isForBrowser -prefsHandle 9936 -prefMapHandle 1560 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {11c228ba-aa79-4b36-b44a-e2bd5370f493} 676 "\\.\pipe\gecko-crash-server-pipe.676" 5088 19686244858 tab
    3⤵
    PID:5424
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.16.726216779\1560736770" -childID 13 -isForBrowser -prefsHandle 9992 -prefMapHandle 9960 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96c32c6b-dd39-4642-b91d-8cf7734e2121} 676 "\\.\pipe\gecko-crash-server-pipe.676" 9904 196809b7858 tab
    3⤵
    PID:5452
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.17.407231642\708087562" -childID 14 -isForBrowser -prefsHandle 4812 -prefMapHandle 5140 -prefsLen 27472 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f8e6487-1064-4147-9a50-b04c18dac5a5} 676 "\\.\pipe\gecko-crash-server-pipe.676" 6164 196809c0e58 tab
    3⤵
    PID:5756
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.18.577521800\2116750095" -childID 15 -isForBrowser -prefsHandle 4552 -prefMapHandle 6316 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a903a77c-c94e-4af3-a5c4-5245e7d39447} 676 "\\.\pipe\gecko-crash-server-pipe.676" 5128 1968919bb58 tab
    3⤵
    PID:6068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.19.132049012\990844983" -childID 16 -isForBrowser -prefsHandle 9832 -prefMapHandle 9836 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dd37785e-60ca-481d-98e1-0d34b1002d24} 676 "\\.\pipe\gecko-crash-server-pipe.676" 9508 1968919ca58 tab
    3⤵
    PID:6084
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.20.164563571\654112112" -childID 17 -isForBrowser -prefsHandle 9788 -prefMapHandle 5128 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {601896bb-4178-45f5-9487-b7cb410c11a9} 676 "\\.\pipe\gecko-crash-server-pipe.676" 4884 196898bff58 tab
    3⤵
    PID:1780
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.21.2104376736\179225725" -childID 18 -isForBrowser -prefsHandle 8224 -prefMapHandle 8220 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {57d317f3-3929-49e9-9f8e-f04914bafece} 676 "\\.\pipe\gecko-crash-server-pipe.676" 9804 19689adc958 tab
    3⤵
    PID:5456
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="676.22.1904168662\188321689" -childID 19 -isForBrowser -prefsHandle 8048 -prefMapHandle 8212 -prefsLen 27481 -prefMapSize 233444 -jsInitHandle 1400 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {de72c9b1-eb3d-47ce-8232-eb26e21e04ed} 676 "\\.\pipe\gecko-crash-server-pipe.676" 8052 1968a242b58 tab
    3⤵
    PID:1876

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3804 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:452

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5560

C:\Users\Admin\AppData\Local\Temp\Temp1_Mouse.Point.Viewer.v1.1.AnyCPU.zip\Mouse Point Viewer.exe
"C:\Users\Admin\AppData\Local\Temp\Temp1_Mouse.Point.Viewer.v1.1.AnyCPU.zip\Mouse Point Viewer.exe"
1⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
PID:5148

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\Desktop\CloseSave.mht
1⤵
PID:184

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --mojo-platform-channel-handle=4992 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
1⤵
PID:3708

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --mojo-platform-channel-handle=4124 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
1⤵
PID:5896

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=5148 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:8
1⤵
PID:5096

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --no-appcompat-clear --disable-gpu-compositing --lang=en-US --js-flags=--ms-user-locale= --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --mojo-platform-channel-handle=5480 --field-trial-handle=2264,i,15001568551143786084,90255922961447677,262144 --variations-seed-version /prefetch:1
1⤵
PID:5548

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --no-startup-window
1⤵
- Drops file in Program Files directory
- Enumerates system info in registry
- Modifies registry class
PID:4716
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=122.0.6261.70 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=122.0.2365.52 --initial-client-data=0x238,0x23c,0x240,0x234,0x294,0x7ffd71342e98,0x7ffd71342ea4,0x7ffd71342eb0
  2⤵
  PID:3276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=2256 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:2
  2⤵
  PID:2804
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=3108 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:3
  2⤵
  PID:5256
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=3320 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:6076
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3040
- C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\122.0.2365.52\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4416 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4300
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4676 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=4660 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4836 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:3132
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --no-appcompat-clear --mojo-platform-channel-handle=4824 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --mojo-platform-channel-handle=560 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=5032 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:4428
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3752 --field-trial-handle=2268,i,3607277540885793605,4028263409920618531,262144 --variations-seed-version /prefetch:8
  2⤵
  PID:2424

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
280B

MD5
da9b6e3b1758ff33dd704511ba590ecd

SHA1
e2c1577ec5d532c85b79aaac0d0fc811e92f31be

SHA256
e4160729dd116aaf7007816e16333177e9d31167ff74981addd9b72c5d9f765d

SHA512
0b4af97eb3b364719a2e032f481615e070bdf3eced195a478a3dffff6edb8ecea738ca80b3a10c451c56a91d008d8f78c18f7b222a6335eaf355149359b4fa3b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\DualEngine\SiteList-Enterprise.json

Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Network Persistent State

Filesize
1KB

MD5
5dbad7a5daef316befb30f6beb40da78

SHA1
7b7a4fbdcbe25eb518bf9e4f65ae54974e46346f

SHA256
bfabc1a63e5f25d5e0595a33ea3f485bf65c54c1d452626bbf1b8873dd7dfd55

SHA512
44887b2376892884c206e2bcb94153c308be4577aa41cff3d1f950e95e32881b905c479451e7739cd6adc5e497915cf01a705599961f2ae76850d9b263828a32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network\Sdch Dictionaries

Filesize
40B

MD5
20d4b8fa017a12a108c87f540836e250

SHA1
1ac617fac131262b6d3ce1f52f5907e31d5f6f00

SHA256
6028bd681dbf11a0a58dde8a0cd884115c04caa59d080ba51bde1b086ce0079d

SHA512
507b2b8a8a168ff8f2bdafa5d9d341c44501a5f17d9f63f3d43bd586bc9e8ae33221887869fa86f845b7d067cb7d2a7009efd71dda36e03a40a74fee04b86856

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
e157cbe8d5de72182352de4e0a740df8

SHA1
5100b51a6b7da70b83314a807e35a2f5d5b32a14

SHA256
74579c6a5638870c8c2559c96cfc2cc1f40d1c5e5a17d06c17ea4f1f51b5ca40

SHA512
27afed5ce42c5a4f9beb029c604b621b132fd79cc51b7c38fb0db5502bb110dbf48c59b5e60a785a65d8f37acc1ba17e595c66c25d3c030c28b33e23e1d04d65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Secure Preferences

Filesize
30KB

MD5
1cf7412f363794ee1146b814a5b16280

SHA1
f865008478c99201a06cab4b0d5645ef617ec862

SHA256
40735079f88c52ca31a1029ace7b4e508e77d85d1c615991677e82ec10f157b9

SHA512
06a13cea5a25c7335f28f7dd78b5c48e2660fd81929db233eec9399b0902f0d00dd65ae2beaed4034e1181ed4860df484091ad0cce94008a51e39fd9157e8abf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
0becf62af789d837d5a3b9382cd27c45

SHA1
2c5b7d4ef338e74144cea509c1dcd3d8871f18ed

SHA256
af1ec6730e6fe5b98de575c3e40774189da7546db4d44e0e981d0b77aa92a312

SHA512
fad95fea5237a0c07dc552fb69f350e6997b453e4a78775d91312a969606989c846e4a046228fe4f98ac7015dd4afb8dd2969417284be22be1f2e76bd60b29b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
69KB

MD5
ea0a4644f91741e3a2abfdd97fce1e15

SHA1
1df4d2a987e69beec7f61798c3363ba23b09e1a8

SHA256
6e398f84378d393d9e9bc444d42279bdc7711c510af96744fdbf7bb1c55fd68e

SHA512
0dbab812c18ecb419364b5f0ce6faa44b6ec513be17181a2b092e3bd71dc22dd23902ef048ce6efa6d9fa46736ecb2f36f6fe00d840b59db3cd92ad6681fa5aa

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\15030

Filesize
8KB

MD5
c23aa20a39234bc0a6db7318346d8e46

SHA1
86ccd3fd95faf2678faee9ac38200bf6d1ae637e

SHA256
d208f782195fbfb249e9f882026cf40234d28b7fc09195411a895fdb76c579e8

SHA512
fd2b0d3d7f737179b7d382ac94c6898bb4256f688239e17cb32d1d8ef19b5985fe784bfc3a625028b071bd3485542b7dc72e0b46580c04f88bafc305f9a1d67c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\18126

Filesize
10KB

MD5
8a94517dd9144599eaa030103ef6ee0c

SHA1
9c18488a139f123ae495b74be4d5b4ac6be1450a

SHA256
db2f37948442a18cbf14e4b1df25aec5256a19a069b89a70255cfb7dd9e92319

SHA512
3e76cd2a984512bfe2d4412950b04380f83a4e8234696e0abbd4d1daa20e26bed6a8af1500b83be63c851657c49947db888ba3d38961f2d275b4155148344a73

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\29922

Filesize
8KB

MD5
35ecc6acdc4a4ad8cbcc7c8da850b330

SHA1
dd5f0dcce19a1a4dcfd36f96c4adae431a3a22dc

SHA256
02bda38f37118a6f97c57065df7ecb349bdc8d28f3d4c23bde12c72f6d9e4aaf

SHA512
dfe2bfdc3a35751653258736a5e8e323cbaaac161d70672a10bda26b1b63f96b48fb5fc29528ed8ed44ac8ceceb61818085946e50b7496806335a9a3866a9d8b

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\31062

Filesize
13KB

MD5
d88803f7434b21e3a56d686e1add1a75

SHA1
3f5ec324ad6bac2ab24160a3c8c2be0d845491f3

SHA256
71303375d224531d3a7a6c6a67315b96b69ff4f6788547d6e93780eebca54077

SHA512
2fb9bd6fe4d1616e32a5b791fe8bf9926c0ad82fbf57f93f7a51558ca9c51984f2d1af4999d907e58c309ad282842e9a564c57a28eb33aee04aeb0060d69d52e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\5133

Filesize
8KB

MD5
c47c5ceb2bd28e9b2749afda0b0a7b91

SHA1
6c5f5b4c1fdd7ab5063203be571c3b2b35283857

SHA256
95175bec00e8eb08f6a2c02bb60fb3f5766180b0524f55f036c4f69d7850455d

SHA512
405a31cf8129281a51fa18c0484842d666dd7ac42890c5b0f8e6aad78f126c984ceb9d622699758baeee98144444c5b3e9f7407871aa4b8340a2f1f0d44fd620

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\doomed\9675

Filesize
13KB

MD5
d0cb201dfb74ac7b30259d955b4d8850

SHA1
810fc5d72f1e6f54934da12489d1017d7813746b

SHA256
ac91c5d404064b3b4b87e95853d84f1fb64745629544acb7ef6b0bd35be5c1b4

SHA512
c772c67d359ed170b42f4a703c92b50691ca0c9997aa31ca56ede01fb65bdb02817a7f6f2228c817f9bfbb7c38a8a26ec6c5fe29861f4f202aad680bf969f136

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\316F62DDC983F7CF37651EDDF8AB04CA5598DCDD

Filesize
89KB

MD5
4709db56da0ed3fd08f4a7522194e703

SHA1
da2883a86a969cb40b9873ce3d1b71ad7a793d77

SHA256
b2baf7f1d790e5d3e4c107b01b7eaa97f8e9587c94f3e271950e238d058fd0a3

SHA512
93346def73478158ab370f65d807acf81e96996264ead9a7b4cf3b733bfef98b87306f5a9e64e513e53efad99ad70d3be50752f1cde44026cc3f332ce7738036

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\43AF6A0B96B65E9C285379BBE64C9DF77572921F

Filesize
1.3MB

MD5
ca9438eb0fd38156e949d9002ff347ec

SHA1
89ea940d212e38fdc5f0fbf467291220a0b5ed48

SHA256
c45d3f09d4f52b8cfd9f95ffda66c41a169e5eb8c69e28aab0863741fd2cdfad

SHA512
d4b058b79844dfaacc4b8d11f86d1757a1a0a5b8ff89bf0d340cd35568aa87dbef3bc1de9c601dc933bd2478ed8d7026e3174f59f847f18bd1068365c9be648e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\46C625DB4964C00323A8EF4C60828B52A454EBB4

Filesize
1.1MB

MD5
43bede00c221a9e37b61738c622492f5

SHA1
1d18d0ca3e7545e11af08c022df4a92e82af5dfb

SHA256
00e10813e424ec48c583c208f0b89cf3a5c2a86b7868890ace31e3d5b69e7c13

SHA512
f903cc36e50fccea4c7d32a3c574704c9f2ef4211492a5ffdeb8d0618df665c5106bb651d86f9fe5493bb4f2314fef91900ab33bac97c0d817caa08e3f4673b2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\48C4013F2EAF7393FDA52F5AC93632D33EB61E28

Filesize
167KB

MD5
cea6c6fd33193084cec178ac6943b3b1

SHA1
0a26493825ff7c0b0ec0051b25aa615bf4431d8a

SHA256
307f9b146553a743c99cded3a27d78304f776de99fb04dbbb66af20b686174cb

SHA512
f18129736c188ac58b6e638bc751b1cba4dfbd4732809c2007400b9c96e7c5949d818426c81178f9c5bab2043057eb325c63fcc0da333a6e0c331adfa01be86d

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5234C0C451ED3C8303AED5BD277C826EF228794D

Filesize
69KB

MD5
777046ec369aaffd87fb3bd0d6eaca46

SHA1
ccd97fdf80149226ff3ad32d7996420045c4f208

SHA256
f9fcafb0eca0fcd007c5cf8e6a587209ef4574052a5f7ea8807253ae09eefc55

SHA512
c4976b97104f085839bd0b949721aec03a2985da6110e4095ea7d09ee8abb50bf0a1cf62510e969cd1a185f81b90da1ddc155210d4497650b3e29fbc58b570f3

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\5AE6D89F9E02E65CE57A707F37A56F985F9BE4BA

Filesize
68KB

MD5
39a5672d595f6b572fe3cff5511ca5a2

SHA1
242bb68b3e129e3994f354515a8de5024b203c31

SHA256
610fdb58aa03e7af5d40631c8e439ec7208206d761439e3946fcd604b5276a45

SHA512
ef02607b524f0daad7f0be7dcf198feb5a6aabb8a2a50b4f86631671f500fff30df7824ac83202cfdbbd5a12e99182b302a2053d438f40dbe03a2de314766ad6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\64734067DA3FCAD3A190A95377C1AC95EC2B62AF

Filesize
314KB

MD5
6195757943908c4d1176b0eddd576a1a

SHA1
bbf7d349840742cb91b6519e59fc360ebd20c3aa

SHA256
9dca5066879fa0074f54829dfc4a0c4f09fb33b333f3781dca139e49c2279a21

SHA512
dc2e9fd163767422e49dda1ab0b3233f863364389cf8e9c75ccadbc48dd20bd74fb2d2a24c42b5ed421ff4d22acd1f66f316e7b1fc6862faf2bd5348f5cbea06

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\688D5E5894643BBC2304962D5CFF2AB2E021DCF8

Filesize
20KB

MD5
379cf08190bd9e9c9c140c6c0ddf4897

SHA1
1e4cdb9de280ed2146ab5449a342f58b8d8dfe88

SHA256
bc2ec0066c2519ad24f8a3585e046460dac84c0305d3b3816348c2efae01cb42

SHA512
8bf3b21a4a77dbb94e1faeba0824c74b6a3935a0d8ac65c1619a98591df1345ba1c2ccb075a51ef390bb37025b27429e06b6da8b11e8688109b01c20dd38463f

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\6A7215488EE4A3DEE381985D9C6DDDBA59D1292F

Filesize
16.4MB

MD5
694bca1b45e5e0cd6c3cdf164974898a

SHA1
f891c6af70f2eb912ef96117fc5e740330a07896

SHA256
a8282eeb247248d6a138cef9f60c6508364da94ee54164c3746253b6f67bd455

SHA512
f2911e22c8917c037739e99f30ee65be29736b38327783ea7de0e14383b7595393f6ba7460fb55d6e3810476cb8ec03e99b2f554b129c8cbb82d2f8b911e7668

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\80318DF907B0618B0874F67E7D69731CFE67AD19

Filesize
406KB

MD5
67c85dae079a91ea5a57e5e9ea63ac1e

SHA1
eef42f9fcffcc3a90cbaa25ba47d7fee8a283693

SHA256
f97d6a0a9719bb76a260a28d0b73b835075f42f091d373e6f17e24ea6021ac44

SHA512
2e55fa02b7dac6c4089d8a02347fa22bff98b4139b8802706d79447f1cd762e56635a49a8ad4a2658467ac4485da30d8be92882cb8c608f538bc11c7b375b8d8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\80AF8614EB0CDD7B24B3BE186294D327C8A18584

Filesize
81KB

MD5
1dac3e4186d18e03eb4498c88f43b83c

SHA1
f6ce1930d87611302e29cd1cc6fcba8a7af26f22

SHA256
609f971ce656541e300d7965648001333351e443fd7f6b0497fe0af14c52164d

SHA512
8055e3ffe17de4514855d6db9f70796ef072f8b53353e2f73fefae9de7600f59e713fb5acf3b02ec05ec402eb921645d8dca4adb77da13e916be7c8cbb78d5c8

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\80BB96996C8133B0FE5E0D6E5EA21B26135E8EA2

Filesize
110KB

MD5
f42d52d072825e38970d083c8ab62b8c

SHA1
6437ede9ea004ba795d61bee69400b5d5e89316b

SHA256
70c1a38d48be1f560e5e977706bfff34b91a7203a54455f7b4b1dd4a62ccfed2

SHA512
f7789a39e4f0537941106ea8b7f2fdc2b5cf0a8b2f7fe56d03d1dd91e37e4e7f6701c45f7e7207b91800b035a38dedf13ec0bcc9a0ce43e6b35df318c4d93b91

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\96AD0D1BC172D638F960626A9DE1BC44D723EB9A

Filesize
163KB

MD5
adf400d9d7cffc2f625a82081ca5c204

SHA1
0491036f1304f589dd398ba1efd2b5f3abd8c637

SHA256
ed0579f551731e2446302ad2eaeb07450a218860dfb86a29082234dbd97b76b5

SHA512
1adf915a47744933401b86c3d010aaabe08572d3149bfead58ac23c3a449c387b48fcdc028f6a633193bdc37f0acc215ff331284381440591f56a7b1d457d812

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\971254C7341460E85C93D0821B91E9985A0B32D6

Filesize
2.0MB

MD5
58a6cbbbae8560da9743b1e5dbd17aff

SHA1
302d68da84514d76200b928f0bc6ed5ffa19daf4

SHA256
bc69922d2ea7968e7031d01a40448bd68ceaee14e3bc337ace1345d5f075b738

SHA512
befbd594b1ff729075aa269b6b421dda4040852e9a8286f297df0a7b79f65d4052c8d6097a3b49ecd3f8cf031d98224f04ede21d5483747f77a202954f11f3c2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\988BAED7547635C849257CCB0DFD78C7F04F335C

Filesize
62KB

MD5
6571193d68b5e768d72f172200adf45d

SHA1
ae97d9b7ef82dc6dceef82037daa2262063d8bf1

SHA256
423788c3258fbbf6d05209eb4768f7b86ad5e55e2ed89efdd117b01381ad9aa3

SHA512
70e58b0a3212a7be4e768d0585c88c093947a9b4b527f1d947c9ce58d0521dd34929fbccf4ab642905408011b1b489f44bd2f5551e496e7f5d1c3bcebaccf668

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\9B0C72219823A6DCEF53D01E4F64B1E6D768FBA8

Filesize
130KB

MD5
07fe0bc0797a297e9caf77db296e1a8f

SHA1
05f4b061fa79cc243d1e61d8e90f0b4ce70a646a

SHA256
da15cecd65c5621574b2546a2cdeaac3dd5740148515ec15f74accef2845e8b8

SHA512
e151827f250555fc347e7b6eeb1e841d5a8849e1f79119827644e663e83c7596f9fac43e649f999061358bbe1b135fc8ae2faa7545996beb704590b3ac5b0389

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E889500374FF23D8A2267AF7735DCD56B31DAC61

Filesize
501KB

MD5
d4b5bf93f147d62293dc0e4a81f8f692

SHA1
56e510d22a397a0164dc0a480883bf47f3ea823f

SHA256
988e9300727c7d65d78e1823b57223e3ae3418e66d604fbf7fe4e88e49895c5d

SHA512
93d2e9340859a9bc71e98f3b9390dba83ff23c7ca0dfd20913d13ce397240f52a4dffac7a3297b86e8632de93ee6a6fe8aa0c3a4bca69836eaa69186e10eef27

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E8B69B4AEBFB15B3EEFB01955313B9B642637E64

Filesize
139KB

MD5
0b8d658360761936df7bca6c4735c80c

SHA1
ee520e52d840809ea7df0c55fd7ee0d30facd2d9

SHA256
02486178ba2e54da4dd32c949b22130cd307698c60371f093551e9842f6a5eed

SHA512
e0bf6c85152fae351c8373565bc7abefe0459800e1a5c5f07c2c6a0b923d4b94e60d2094730090b48da5dba8d13a11af0795b5903f00ebfec6b8b1532f9e86df

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\4s2odj76.default-release\cache2\entries\E8F82FF507585AF8655F245209766BE49794B690

Filesize
49KB

MD5
60462af9b3d6c2bd78069b614a3213fe

SHA1
c12f0f1c967300006a4f1e104b1cf2fa22e9dae7

SHA256
50e3eca4c738ae98d5ebcc743d192b5adbeef7409c4e6c175c6dba0c22c0c65b

SHA512
81d00bdece60a7709fdae64e75719faa81eecd44932a45d1b1756489a3d11d6876977392b60f29ab9c5d1d62530c88375bc0230264fbd626dc93e0d76d01c6d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\cce92265-1394-4fa6-a4e9-bcf19b9fce28.tmp

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
10KB

MD5
99abba2a0ed540469de6e8811d910a75

SHA1
ddf570a8307012764b296104d24ac1154b1459a9

SHA256
642812805ea3d504a98670565954e887fb068da95d94b446689cc868dd65af87

SHA512
a3fb630de8223d5f98c5d1cb3bd0a503723fd0b5f8f353bae5c32a4f25ea36fe49e412ced65ba161053323b9388a8025331548820929de2ac197db7ddb66380a

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
44cbb546b5e7d0805f2f693511f3bdb3

SHA1
64e9b615a603b0405ac992e8a68ec6587f35ee30

SHA256
8e7860c51b3c960f458cb8d97e6615eb18e4f4d8515c4351dabc243d9d95a988

SHA512
818e18cad019a3ac8e5f9d772730e2847b9580f2917ec3e77c16a18c65ec849c86e786b7a913d75927ee7ddcb3d22029864e5f4f65bb74712db46a3448ae3767

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
b8723160e0dd52be2ae79e4a09527640

SHA1
5f0374dbc2b82be3470625b254d317157c9982a9

SHA256
e481988110a8dd6c03fa789410cb020722a50e119a890d42bbc9394a8632ae21

SHA512
db2ec341968d85882af287c48b875d1e1ee5c77864d4c69096fd73f308670b4791400791921717c1cfbd88affded107b1e8e710270260914826737be09f57159

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
5KB

MD5
78bf4fd6f9dd6f2a9a50fc26ff53ee2f

SHA1
ca16d453da54da931c7673000b5dcbfdab1ce721

SHA256
b599abd4e723dc1cae3c4eb121d6541c1c9dde11d529ff7b6c2a0a4c93c42e5a

SHA512
5a6e577616eb00610aa8342b24727e37c02a0a05859df7d8d9cfbb2bb040cde09fa8b954592aef547160190eb0f4c2888ba3ca12dfc9e157062dbabccc40b4d1

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
13KB

MD5
3f7a80b8768707990043fcd289f60f97

SHA1
1e06800d892eb68f653f348339014740bb811425

SHA256
2f84bb68179b31e8f077eec993a0a84bcca3973113e2995dda9537bd70c5aba1

SHA512
53357057bba7cf3ccb52d81f9af6c11d84d69c956c0ced308f8b79dddb350f6027f4f7feb0b242d9b31f4d04a17078eb30bdcb1fda95b140f0f6fe5d21237cb5

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
3KB

MD5
3bdb9d71bd535c7ebdb316051c96c2bf

SHA1
0c9d66f25267da887adf495c5253796ab24f7419

SHA256
f67c9d945a26ac53e55b041abff6008aee6c8fc9c5bdead95868ceb58dbc1f4a

SHA512
c487a68fa5e9f71216fcc7a7834c0fdfd499a675a7153b8fb5e2badae1a535257b30bbecbdff89373f18cb519da2f54f2e03997992423cd0f0b87aaa48ea5192

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
f98f465283ce676baea201ad61e382f3

SHA1
24aae3ef90076b73004517477617c036cb23ee2d

SHA256
12c1d649182041f620ff60c2abeb0aaa53cf5f70ab63960ce01a6585be1ad16b

SHA512
e04a9312ed066c796841266ddba1303076263ad20e1510b5ec0991cfca4e819daafaf81a69d2c90577c0927a57e62d107b1da090e80a70c482a1345884e7cbdf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\57b0f33c-fcc6-4df7-8dc1-8584e1b73b26

Filesize
11KB

MD5
1b73022bd887beda8cf784d95b1477d0

SHA1
9a51ce525a1ed0ef0852693c7fa0129ff87cb51a

SHA256
57717f5717a688409e39745b85e35cae66907a76c88d9f159a0e5ae34887af6a

SHA512
b5fbacad154f6f71689a98c36314839ee1d48b2e44e3547a122c7fdffa5a3d61bf2a90d1793ba59826a0ed3462f69f3dce67027ddef2d8945520b56a1db634e2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\datareporting\glean\pending_pings\ac062b90-d1b5-426e-a884-a3e8a98f2ced

Filesize
746B

MD5
2d661fb470012cbcb12c2445bdc9e819

SHA1
c9d81480f288b6ec3429f6ab1d1c5837a69d6eb5

SHA256
cecda02821373eb9231fa4bdc09d4d756f5a9d16572d2704e51fa4ee4023e664

SHA512
f3dbf736e991e24a62b0f0ac735373aceb8d72ab1b7f37fd43fa6d8f6e4e7051358ed0ffe1f88aa6a301e57f2f1ed39e65a6acc6ac836d8a7ff7f12e92c0b2f3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
8bff225357ea09200ef5eb64f31102bc

SHA1
ddd99a80765e2ca2476a47428110d16b22852f2d

SHA256
8d243ffacd4542f516055471328ad378150b2bf653a3bd2ef957cda9c37b70af

SHA512
ae930277f9c29902093688fc65473ad9f3f7bdfa7b4beec9fd0ef82eb791f4a109d5fb11ae556dd742df4d1b1389f92814ca31835d349e91fbb9ce789e374cc0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
7KB

MD5
eecb536fffa5e38954eb99e291dbbcc7

SHA1
49f05812c67bb5131a24e9227a6577c7ce379f96

SHA256
bca636e33d59a8a9fee4cd5cae60cb80efadb515cf93ca200446b6adc9143f28

SHA512
a95a18ff1627c60479faea83bfa935c51ea884b5bc6ac5500fbc5c44ef83dcbe05d2cb906e8deba809cc6179b187d2afd119bd3b4299ab61cd2cdee41a96cfad

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\prefs-1.js

Filesize
6KB

MD5
06df911f0b787d7e1e0d97a774b28f02

SHA1
6a59c193c019a85988015a05c4782ca60031aa2c

SHA256
b2b072a04916742ddf5d6cfc8477241d92a7bc1a0b3c28601ea9d90d27b2265d

SHA512
048817b3f4e946cbe2866bb08f7bb99ec334e86deb7c8bd028f91c9f241afe468bcdb5834792555b3f030b605b524c6ab96c70ef75bcc2aa771bc114bf05f589

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
6ace4efb9af11e90a3231d5af28349cb

SHA1
e3f459556a4c5df87fe918918e17aadd7723b06e

SHA256
4c79de790ee5ea36e1769c854cefb76ef73064991ee83757e8761e31e1bc0016

SHA512
f6fc3d26d852bfc0d4b72d0f0191213cd0424fdcb431391b1c4261171f4aca67808473a1221bafa76181969a1c50e7fbea85e84cbe2ff296d660f0d4df955388

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
ce27c1162f9bd4551c24bbb2b807ceb3

SHA1
d06d4e9d79356cf14f459cd0229f5754f7095398

SHA256
ac313b1a24599a3384e89e7b1acc802e3bba748cd645bc8fb8cf0a34d5056eab

SHA512
0ee618771f06db4797a634a063fc341956147a0089a62fa826d4c9a741ac3a2c1aeae0ca21c1f13ff429216760c712583d0dbcccbb70779c321e1a2a76dc5413

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
b5793dc7a4f844ed05cf5ac3997f10bf

SHA1
4435552488e07772fa9b905575482f41d74f5fc4

SHA256
6e74cbdf3bc3326ad80c97f53a4074099e805bb07608fa526574c5ae31046bb8

SHA512
2744afc285e406e20252d822069d05b2c0e39e6a41192fcaea3c047293a9b6341baed16ec12696674c52b950e8888b3ff0657d4f4ffd5e8fc0dcbd345d218324

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
8KB

MD5
2e7a3fdea7bc71495e9459e06109dc9b

SHA1
0afed375f3d0eaf19faba56d92014df76345b49d

SHA256
67919b1e0cbe87fe2114ffd86ea1069aed9bd72d5fe8b04134116e069901892f

SHA512
f93f23291b376267e6349aa905968f495e09236d28f72b8aff4a24109f1b294da847bd28411228818a2521b0ccf0a2e86753721700e2956a019e9acc931a0060

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
19cfc1b757b5c7833ff3312e826a5f83

SHA1
8bd098f1481bf4a8e4b4df5682c78eb6482b18df

SHA256
fe53e6b5e2057280d0f4a60ae5dc49c8370a2bd98d4f08edf46feb71ed990171

SHA512
cc85d05437621c8d88b4a3bf8f44b942fe186b49b1707305ea3810ebe97d46f849bee3c82156da255dd0c38eb157bd74373a8903b7834020ee500e25b8cbc79d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
ab2b01d56b338cff150d417fcc1942b9

SHA1
5b7b2891f3ab9236adf124f15b149b5d8130e609

SHA256
c69d8c1cc5717edc1135d662f047218b2d86c90067b360ee319d7e01cd0ca93b

SHA512
2208fa94abdf2830d32cbc4737e0ad9fe4dba5f3f719cdef5197e9e26fb9b3946292a229e2349d5e5570129cdc0e3c748b238d0230d04fb7e2ed89c47f93721f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
77ad3f7b1bae8dc2f6d9ebaeb723d40e

SHA1
3011c6770bc02973304ab26778a68adfb3c23ef2

SHA256
3422d43160b2953b78619394ba17ba3faa38a792b8084f642cd4ad38e8d48ed6

SHA512
66551e3d5e1c5917bb19e19280abd9dda3b966d8dd07c1dbeaef9bed3c9e264a779ea21740f00d890aad6ab9c7c4c19795de3be5e30af738bfcbbc529e7e5df1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
086825942d484dc38ef19fdc9871b231

SHA1
a805e06ccad94234031615d96b5b6a6074e4d76b

SHA256
6727362c61af98f13d6606c3658602a17fa9709065c297b0d49f71b727a237d6

SHA512
244e1fb128a4a638395c0515c127d171f0c03d46ae447d275fd5615c27ded3fb1cc2092e1e37c1a60a3dbfe972b4b67214641b0655bfaf476e189344639f2bcf

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
b6670fec8b894eec5136e3350803f6d8

SHA1
627f9d9ac9d7dfc5b8a41cc6c21d29d8f91c6d95

SHA256
213e72e0fe403f176d26cf5852b51447f3caa4af605d6ac64d952699fb61a9d9

SHA512
35e99b5898088e1e3332da102d2015ee7c6894cff67116c603ddebec69e96e47c39c51df7eebe73b36861e16c325aebbaa79afececd07d095538ca06ec3fc131

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
06012015ab0b295f93e24f9cb5d2f915

SHA1
5d778cc74d9abb724fd727f6e8b1685149d75d38

SHA256
2e617f9844baee6b5c3e66070368324834309711fb2b7dd57e35c53b6ec45f11

SHA512
7e1a91a059cc0944d5f13920d12b30148a622600efe23b89785016ff5ba5ebf8133b39354adea85550e9d80c93f1016e80af264fe51efc35a3b4d3922b0b33b3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
8b25dadd567856ba412388b12186148b

SHA1
5d2e95a4e2ae69398029b39bb45df11bf227f00a

SHA256
033d5a85683eee4ed774f8cc2f35f64890a6071da8150187cc2ea2e819e34398

SHA512
7d08d9a45443e255312d62a6814e4c949f5ec4f27441fd8a755ab6e04c13e5304a05fd5c2884884f29a5f32319dccef630dde9f2e0c14096f32c0e1556cfd49a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
7KB

MD5
c366521b6ad803bd33ebfeca27b1046f

SHA1
f1d37391c6f96b61c19c24b4759094d3881191f1

SHA256
9d8ec0731b38acd4e6ecd94816c5253373af18a98110a19caae084bdcb18d832

SHA512
063147e99038a05e2e52a6bc42c0db292ce942836446f21787e6497545666758e436cf3268cb6c48177a6efb927833de3af343483d805d507598e66b9fce3ed8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
46fdc4ec08b562cdab0e4ffd3eb77155

SHA1
8c4281eb9f6bea964cd34a56caceabdde9dc027b

SHA256
8cfe0b38fb51d07e0ef99bc0d923a3bea7932cc5f3ece2d50f1778916aaad580

SHA512
1557baf38344a48cb10d572d11f557267e2208aa9428b0e393bc06ecb2b158ac50ba346f56b4852256e5a7c5afeacaab953bab510b44ab6b4e5bb8415447858e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
12KB

MD5
6985adf709a66621e785d025277f1638

SHA1
74ea50440317bb29cb0953ea31438b16394d3a46

SHA256
fab7bb50f09affc579d2d4022d2df94af050275f5358ab955a6cfe65328f224d

SHA512
70d96a554a17fb1101bea134d1f365d8e7e744279f4ded778225f4bf076d0dcc4d3b3a79429582b2043765114b2ba0ac91f1c7b9e8711a55a93cd00dbd4fcf9b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\4s2odj76.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
208KB

MD5
b2aee539c9e3c002e7146e0e035059a0

SHA1
0ae0a73c7ff22e70d6175b930df643a5436ad58e

SHA256
bfd32c640d1c343151078a3867661fec87736ee6c1c33736f99cd8d654db5011

SHA512
35e875cca2e191464281904e17190634f62a9d8279684fd9b6099a96c96a7c553af8ea92fd9dc762fa05a125cc3a50a802f2f38e2ce4fbfdd8980c4617e591f1

Download Submit
C:\Users\Admin\Downloads\zNIxAmrn.zip.part

Filesize
64KB

MD5
4621bdd05717a530cb7592608201417d

SHA1
2915e40993d65644ad73b5929476441ad3d128ed

SHA256
b174b1aeb002852889fb338fdf61cfcc1c410584a0644e84dac79cfddf8a728c

SHA512
173a46a7260b8279183530d3ce7d93c509ec09a597be2113524d1fd07557b8b80bae0277b862d3d419b0b8f76055c0d14ed60327b0c2d2815d57cdc8c68879e0

Download Submit
memory/5148-1927-0x0000018DFAD90000-0x0000018DFADA0000-memory.dmp

Filesize
64KB

Download
memory/5148-1923-0x0000018DFAD90000-0x0000018DFADA0000-memory.dmp

Filesize
64KB

Download
memory/5148-1922-0x00007FFD74E10000-0x00007FFD758D1000-memory.dmp

Filesize
10.8MB

Download
memory/5148-1921-0x0000018DFAD90000-0x0000018DFADA0000-memory.dmp

Filesize
64KB

Download
memory/5148-1912-0x0000018DFAD90000-0x0000018DFADA0000-memory.dmp

Filesize
64KB

Download
memory/5148-1911-0x00007FFD74E10000-0x00007FFD758D1000-memory.dmp

Filesize
10.8MB

Download
memory/5148-1910-0x0000018DF9180000-0x0000018DF91B8000-memory.dmp

Filesize
224KB

Download