560b03c4ba18e5a443f74a69727db0eabac6f455bb836757d620cc51615a92ea

Resubmissions

16-04-2024 15:48

240416-s8783sea37 8

16-04-2024 15:31

240416-sx3jfsde93 8

Analysis

max time kernel
529s
max time network
533s
platform
windows10-2004_x64
resource
win10v2004-20240412-en
resource tags

arch:x64arch:x86image:win10v2004-20240412-enlocale:en-usos:windows10-2004-x64system
submitted
16-04-2024 15:48

Sharing

Copy URL

Twitter E-mail

Reason

Machine shutdown

Report Analysis Logs

General

Target

$PLUGINSDIR/System.dll
Size

12KB
MD5

0d7ad4f45dc6f5aa87f606d0331c6901
SHA1

48df0911f0484cbe2a8cdd5362140b63c41ee457
SHA256

3eb38ae99653a7dbc724132ee240f6e5c4af4bfe7c01d31d23faf373f9f2eaca
SHA512

c07de7308cb54205e8bd703001a7fe4fd7796c9ac1b4bb330c77c872bf712b093645f40b80ce7127531fe6746a5b66e18ea073ab6a644934abed9bb64126fea9
SSDEEP

192:1enY0LWelt70elWjvfstJcVtwtYbjnIOg5AaDnbC7ypXhtIj:18PJlt70esj0Mt9vn6ay6

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file
Executes dropped EXE 2 IoCs

Processes:

winrar-x64-700.exewinrar-x64-700.exe

pid process

1152 winrar-x64-700.exe
4444 winrar-x64-700.exe
Loads dropped DLL 1 IoCs

Processes:

taskmgr.exe

pid process

2612 taskmgr.exe
Drops desktop.ini file(s) 1 IoCs

Processes:

svchost.exe

description ioc process

File opened for modification C:\Users\Admin\Videos\Captures\desktop.ini svchost.exe

pid	process
1152	winrar-x64-700.exe
4444	winrar-x64-700.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Videos\Captures\desktop.ini	svchost.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 8 IoCs

Web Service

T1102

Processes:

flow	ioc
219	drive.google.com
220	drive.google.com
221	drive.google.com
222	drive.google.com
198	camo.githubusercontent.com
200	camo.githubusercontent.com
201	camo.githubusercontent.com
205	camo.githubusercontent.com

Drops file in Windows directory 1 IoCs

Processes:

LogonUI.exe

description ioc process

File created C:\Windows\rescache\_merged\2229298842\490263267.pri LogonUI.exe
Program crash 1 IoCs

Processes:

WerFault.exe

pid pid_target process target process

3324 4348 WerFault.exe rundll32.exe

description	ioc	process
File created	C:\Windows\rescache\_merged\2229298842\490263267.pri	LogonUI.exe

pid	pid_target	process	target process
3324	4348	WerFault.exe	rundll32.exe

Checks SCSI registry key(s) 3 TTPs 3 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

taskmgr.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	taskmgr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	taskmgr.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\FriendlyName	taskmgr.exe

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exesvchost.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	svchost.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	svchost.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies data under HKEY_USERS 15 IoCs

Processes:

LogonUI.exe

description	ioc	process
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentColorMenu = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColorBalance = "89"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationGlassAttribute = "1"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\StartColorMenu = "4288567808"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglow = "3288365271"	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent	LogonUI.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\EnableWindowColorization = "209"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationAfterglowBalance = "10"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationBlurBalance = "1"	LogonUI.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent\AccentPalette = a6d8ff0076b9ed00429ce3000078d700005a9e000042750000264200f7630c00	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Themes\History\AutoColor = "0"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\AccentColor = "4292311040"	LogonUI.exe
Set value (int)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\DWM\ColorizationColor = "3288365271"	LogonUI.exe

Modifies registry class 2 IoCs

Processes:

firefox.exesvchost.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1826666146-2574340311-1877551059-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1826666146-2574340311-1877551059-1000\{5C786D87-FBA8-476D-951F-FFD8873E1611}	svchost.exe

NTFS ADS 3 IoCs

Processes:

firefox.exe

description	ioc	process
File created	C:\Users\Admin\Downloads\MrsMajor 3.0.7z:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\MrsMajors.rar:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\winrar-x64-700.exe:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 17 IoCs

Processes:

taskmgr.exemsedge.exemsedge.exe

pid	process
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
5648	msedge.exe
5648	msedge.exe
5444	msedge.exe
5444	msedge.exe

Suspicious use of AdjustPrivilegeToken 15 IoCs

Processes:

firefox.exetaskmgr.exe

description	pid	process
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	2612	taskmgr.exe
Token: SeSystemProfilePrivilege	2612	taskmgr.exe
Token: SeCreateGlobalPrivilege	2612	taskmgr.exe
Token: 33	2612	taskmgr.exe
Token: SeIncBasePriorityPrivilege	2612	taskmgr.exe
Token: SeDebugPrivilege	1148	firefox.exe
Token: SeDebugPrivilege	1148	firefox.exe

Suspicious use of FindShellTrayWindow 44 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
1148	firefox.exe
1148	firefox.exe

Suspicious use of SendNotifyMessage 43 IoCs

Processes:

firefox.exetaskmgr.exe

pid	process
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
2612	taskmgr.exe
1148	firefox.exe
1148	firefox.exe

Suspicious use of SetWindowsHookEx 30 IoCs

Processes:

firefox.exewinrar-x64-700.exewinrar-x64-700.exeLogonUI.exe

pid	process
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1152	winrar-x64-700.exe
1152	winrar-x64-700.exe
1152	winrar-x64-700.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
1148	firefox.exe
4444	winrar-x64-700.exe
4444	winrar-x64-700.exe
4444	winrar-x64-700.exe
4628	LogonUI.exe
4628	LogonUI.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

rundll32.exefirefox.exefirefox.exe

description	pid	process	target process
PID 1620 wrote to memory of 4348	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 4348	1620	rundll32.exe	rundll32.exe
PID 1620 wrote to memory of 4348	1620	rundll32.exe	rundll32.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 4252 wrote to memory of 1148	4252	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 2456	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe
PID 1148 wrote to memory of 3100	1148	firefox.exe	firefox.exe

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
1⤵
- Suspicious use of WriteProcessMemory
PID:1620

C:\Windows\SysWOW64\rundll32.exe
rundll32.exe C:\Users\Admin\AppData\Local\Temp\$PLUGINSDIR\System.dll,#1
2⤵
PID:4348

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4348 -s 624
3⤵
- Program crash
PID:3324

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 412 -p 4348 -ip 4348
1⤵
PID:3596

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4252

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
- Modifies registry class
- NTFS ADS
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:1148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.0.806914746\131704824" -parentBuildID 20230214051806 -prefsHandle 1768 -prefMapHandle 1760 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0af4ca90-b7a7-4418-865d-b7b13c61d8a7} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 1848 2ef11c25d58 gpu
3⤵
PID:2456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.1.827591334\224395250" -parentBuildID 20230214051806 -prefsHandle 2404 -prefMapHandle 2396 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {838d5153-6d3b-455c-9eed-cb4cdaa579fe} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 2416 2ef04f89958 socket
3⤵
PID:3100

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.2.789034509\603646841" -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3068 -prefsLen 22150 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5da4c1d4-e3fa-49e3-97a5-c9f6138d113d} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 3044 2ef143e0b58 tab
3⤵
PID:1772

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.3.636973937\1689715441" -childID 2 -isForBrowser -prefsHandle 3696 -prefMapHandle 3692 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4495d41d-f8ac-416e-b101-a6fe04548335} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 3712 2ef166e4c58 tab
3⤵
PID:3148

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.4.2007726094\976801914" -childID 3 -isForBrowser -prefsHandle 5180 -prefMapHandle 5188 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5432c36b-566a-44ff-8734-62b806bae24b} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5232 2ef16659b58 tab
3⤵
PID:2752

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.5.966968209\2023317930" -childID 4 -isForBrowser -prefsHandle 5360 -prefMapHandle 5364 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a8c5d3c8-14af-4706-8ec4-ab2f34cfd80a} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5444 2ef19685b58 tab
3⤵
PID:1620

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.6.490852230\2118391764" -childID 5 -isForBrowser -prefsHandle 5572 -prefMapHandle 5576 -prefsLen 27697 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a4ab66c8-22d5-4e79-92ed-0adca82e57dd} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5564 2ef19686a58 tab
3⤵
PID:4000

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.7.934077187\2066395099" -childID 6 -isForBrowser -prefsHandle 5860 -prefMapHandle 5856 -prefsLen 27962 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4719036e-9f4c-482c-9104-613a99d8452d} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5884 2ef167b9558 tab
3⤵
PID:2444

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.8.495429311\972685675" -parentBuildID 20230214051806 -prefsHandle 2928 -prefMapHandle 4056 -prefsLen 28177 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {860ed22c-e6e3-4488-8c8b-653c74870d0f} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5180 2ef19bb4b58 rdd
3⤵
PID:4876

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.9.601003492\1561124514" -parentBuildID 20230214051806 -sandboxingKind 1 -prefsHandle 2604 -prefMapHandle 2600 -prefsLen 28177 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {774e373f-7089-4034-bfde-d25b1141afc9} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 1548 2ef19bb5458 utility
3⤵
PID:2364

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.10.1377223975\1151216974" -parentBuildID 20230214051806 -sandboxingKind 0 -prefsHandle 4208 -prefMapHandle 4836 -prefsLen 28177 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {6f5ad127-a403-47bd-a06b-a48bee9d6c62} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 4888 2ef1430ae58 utility
3⤵
PID:780

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.11.2058012973\875302281" -childID 7 -isForBrowser -prefsHandle 6476 -prefMapHandle 6520 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {256d9dfc-ca33-41a9-bb80-fc6dc9b77550} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 6444 2ef1a830158 tab
3⤵
PID:2540

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.12.1586843403\1080672334" -childID 8 -isForBrowser -prefsHandle 5296 -prefMapHandle 5260 -prefsLen 28177 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ef5c2cd3-6c82-4c19-bcc7-5a85e468dbaf} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5328 2ef1ad54558 tab
3⤵
PID:4156

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.13.1671563037\60817990" -childID 9 -isForBrowser -prefsHandle 7080 -prefMapHandle 5368 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {dade2e9c-5156-484c-9837-0ec15b9fd470} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 6580 2ef1a47a258 tab
3⤵
PID:2916

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.14.658093201\1502121629" -childID 10 -isForBrowser -prefsHandle 11184 -prefMapHandle 11188 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {97796f26-923a-44e9-82b0-4ded8aba1a59} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 11176 2ef1bda9b58 tab
3⤵
PID:636

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.15.950165446\769500912" -childID 11 -isForBrowser -prefsHandle 6140 -prefMapHandle 6124 -prefsLen 28217 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {387fefd7-afc3-4ef2-9e31-8b7e08e51b0d} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5564 2ef172f3f58 tab
3⤵
PID:2564

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.16.850177677\419153224" -childID 12 -isForBrowser -prefsHandle 6892 -prefMapHandle 6876 -prefsLen 28226 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {023acac1-74ae-4004-8a41-c2dad27dfcad} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5280 2ef04f7cd58 tab
3⤵
PID:4496

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.17.1662910259\484575854" -childID 13 -isForBrowser -prefsHandle 6120 -prefMapHandle 4152 -prefsLen 28235 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {38468aae-af93-40cf-8283-6d1ea124706b} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5296 2ef1828d058 tab
3⤵
PID:2612

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.18.591521593\1559884987" -childID 14 -isForBrowser -prefsHandle 10632 -prefMapHandle 10636 -prefsLen 28235 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1df8a755-ad0f-49ae-8bee-49469800827b} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 10644 2ef1a47c658 tab
3⤵
PID:2844

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1148.19.216193746\1409745078" -childID 15 -isForBrowser -prefsHandle 5888 -prefMapHandle 6492 -prefsLen 28235 -prefMapSize 235121 -jsInitHandle 1232 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {31d6552a-4ae6-4424-a5f2-99d8b152491e} 1148 "\\.\pipe\gecko-crash-server-pipe.1148" 5872 2ef19c7b558 tab
3⤵
PID:3248

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1864

C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:1152

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
1⤵
- Loads dropped DLL
- Checks SCSI registry key(s)
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2612

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefaultd4d63b27h49dah461bha25bh2f44ebc7fd6b
1⤵
PID:5248

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffb25e146f8,0x7ffb25e14708,0x7ffb25e14718
2⤵
PID:5284

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2116,224233954057627876,14664001914705377968,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2136 /prefetch:2
2⤵
PID:5640

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2116,224233954057627876,14664001914705377968,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5648

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2116,224233954057627876,14664001914705377968,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
2⤵
PID:5692

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5976

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:6016

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k BcastDVRUserService -s BcastDVRUserService
1⤵
- Drops desktop.ini file(s)
- Checks processor information in registry
- Modifies registry class
PID:5812

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --default-search-provider=? --out-pipe-name=MSEdgeDefault91fb2526h1a20h411ch83f3hf0d14dbc85f5
1⤵
PID:5924

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffb25e146f8,0x7ffb25e14708,0x7ffb25e14718
2⤵
PID:5944

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2088,5975771182964560954,11093613549061091252,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
2⤵
PID:5192

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2088,5975771182964560954,11093613549061091252,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2240 /prefetch:3
2⤵
- Suspicious behavior: EnumeratesProcesses
PID:5444

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2088,5975771182964560954,11093613549061091252,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2840 /prefetch:8
2⤵
PID:1596

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5992

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5604

C:\Users\Admin\Downloads\winrar-x64-700.exe
"C:\Users\Admin\Downloads\winrar-x64-700.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4444

C:\Windows\system32\cmd.exe
"C:\Windows\system32\cmd.exe"
1⤵
PID:5936

C:\Windows\system32\LogonUI.exe
"LogonUI.exe" /flags:0x4 /state0:0xa38d0855 /state1:0x41c64e6d
1⤵
- Drops file in Windows directory
- Modifies data under HKEY_USERS
- Suspicious use of SetWindowsHookEx
PID:4628

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {9BA05972-F6A8-11CF-A442-00A0C90A8F39} -Embedding
1⤵
PID:5668

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
62677bdc196e22a7b4c8a595efb130cd

SHA1
bd2adf18caf764c8f034c08b6269d9693875f3c8

SHA256
b540616d7e73ff22642f4fbe2bea0f9daa2f1166391e76cf817b2a93e0bd41d6

SHA512
d23c3b9662eea6a75382242fb8e8084abc1127afbd2632f161df71a2aefaf223621511e1bf6229cf7e86313101a8d9dfe2f20e1c0bd481066e1969cd6fa75e32

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
22bb6af63c7710354ac7070e45ac988c

SHA1
34d29d6b316e39ed8fb8c5efb42c4269040fcf1f

SHA256
1a70d5d3dfc04e6f5cfec1ceb06676039229f895f30007fdb55b043ed48ab4fb

SHA512
42c12820b5237caa5b4d5149901f84db6619a69e85cb869df06e07b3cad1b51e0c2d0545ee0129cbc8e7947fd8c2989def537ad2d58a1d5bf2c2a1bf60041ca3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
61B

MD5
4df4574bfbb7e0b0bc56c2c9b12b6c47

SHA1
81efcbd3e3da8221444a21f45305af6fa4b71907

SHA256
e1b77550222c2451772c958e44026abe518a2c8766862f331765788ddd196377

SHA512
78b14f60f2d80400fe50360cf303a961685396b7697775d078825a29b717081442d357c2039ad0984d4b622976b0314ede8f478cde320daec118da546cb0682a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
b632bdd5a9c28ce105e28741cdc9f54a

SHA1
5d7a0310d46ff9772120afc279e5d15261445b0f

SHA256
6755732b2490f7556afae102cb4a223ee193e398419e352baa6fbad04fc96777

SHA512
902da40ce3a97817d1ba5a630162692c7226306eabef84950d44fba65462f03813cf2eb7013ef5ada2ccc20a0ddcc020fd9c5536a7d0bd680868f8454be39490

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Site Characteristics Database\LOG

Filesize
350B

MD5
396e181fdff78fcbf1344133b7bc2d08

SHA1
40bd8038bd6508480497bee31da915c455b69cfb

SHA256
43ee96f2229725a4b601b32318428c3679f0a20bb27ec751328f18b97aaeb58e

SHA512
aa3822d0003d4cd98e08273375df52d340d5a700038df6ef680f0d33ea0fc50e6c286fee37cf4cf2602276d355642e46618c5bcbf73252a96423bcd5fa49f25e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Sync Data\LevelDB\LOG

Filesize
326B

MD5
2d4174dedd89afe1979660cd3b3dc227

SHA1
d336726afc2e9969ce3c3b9a0b1c8543bdcb0e71

SHA256
c647544974c67a798b9bd0820dc1b302a970257ff5ce73c6ffec45cce0e70047

SHA512
9c20891c7a2b098e7f3dd42ee9c32018eed49b16367171da6985c4eff73d1527af3c4fa40cb4a3d85d12638961e0863946f14c35d24833651a98140fbd97742e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Last Version

Filesize
11B

MD5
838a7b32aefb618130392bc7d006aa2e

SHA1
5159e0f18c9e68f0e75e2239875aa994847b8290

SHA256
ac3dd2221d90b09b795f1f72e72e4860342a4508fe336c4b822476eb25a55eaa

SHA512
9e350f0565cc726f66146838f9cebaaa38dd01892ffab9a45fe4f72e5be5459c0442e99107293a7c6f2412c71f668242c5e5a502124bc57cbf3b6ad8940cb3e9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
8KB

MD5
043ea5595d446026b5e526b161d4e7f2

SHA1
d02ac155e57b5257be2ab554985b92bf55b75014

SHA256
31db8019fabb8acc76de5165ff4a3068955119ef76bff5b344bf8e2a9186034b

SHA512
3551b913429501a92e13483468f2d5965b5611196d7cc5c6a0f0f97aa3efac334a72f8aec9e3652b495a4fd0ccc398e7a49392d18c625cf61e35d755eb9521e8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\ShaderCache\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp

Filesize
28KB

MD5
7ca3af491469c24857736aa09bbc501a

SHA1
86b1a54e803eca14635b8120253712309fb1bcd0

SHA256
b97366c3aadccc86d4fc660f21894480ccf2dc8ab1064c56ed614239e82fb2a3

SHA512
2f13b28fa22a3bbd2e8ee85f8201cebea8d38c85d37be307985709f66c45d84accc05f05209e1b045351d4337b7d160c2aac13b03844dd7ca58c58e8972ffa58

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\activity-stream.discovery_stream.json.tmp

Filesize
27KB

MD5
a51c22d8ef4144a7cbc4ee9aefbe2617

SHA1
93a7b06975cb4eeeec8f7cacf2e93dd06335976a

SHA256
898dc2eec5bbcbf2f247ce8995288e6e9d3af2021fcde81310e526f09df8f01b

SHA512
79fdde03e87c86376132c8b555fc46caeb812813b19e4930194acd7e1c703ca7bb6551fbe42956c7cecdb7f721354a56963a761e64374b422bb7f57a20ae332e

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\10781

Filesize
15KB

MD5
c25f441a9f31d5eb2660e1f9e792f29a

SHA1
5b25dcf034c99379a36cda7adc2e1b4099d39255

SHA256
a0b4e9509169c0a95bdbb26c387069ad94a5733bff37eac71c68b52bc5018fa6

SHA512
cfb3315f5f584259a3a14472dad877a4ff44896d334059725906eedf9467ebd49080e0a306d1b4cc9fe88a58fa8465a306d343b5e11ddb99ae1eb77c90a1dd29

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\18961

Filesize
15KB

MD5
889e1a75c22650a97b39c6ec73d15974

SHA1
c6ed255151c42f5c51edefdf07dc3f149d50d129

SHA256
c66323ec9bf1c0456c22bb9a11709270123315da46d42ea58a4c2676e9a38fa8

SHA512
54896827222d80638aa26d09180c5ca60ca04ecf0d5f0771ecc263c8510d6591e0b9f4f9724eb579803e9d0f1e645808940578f91c20d4adf6ef2ae450880f42

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\20578

Filesize
15KB

MD5
49cd498c6ffb6c0c0fe986837a7c2102

SHA1
6a2d600008041a5f8ddc6ae206dbc0dfdc4b1bcd

SHA256
5bdd0b78270d810137f81756a100857446931772efaed4d154a030d45489cff9

SHA512
e40ba7a101e0e903ed68791c3595fa04976f6e4669db550a26eca4468ad5f274f50cbc2607b1a6697d137739fdd52d34a869b2b60e57dc8b4583105cc4200cf2

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\21701

Filesize
15KB

MD5
ecbef04dd5ee906cc63d5f752c51e1e9

SHA1
9f27328ecf20c06270145a00048d6a7e7a0a3209

SHA256
99024974602ed9c57f20b41708682824460b5a4f43b21627738996eb1af0a3dc

SHA512
8288db28d47cfff516f928f37cc8a5e23aff0b158316b1d460ab78eec61f8ee981dcf58a668c62fadb1671e532809d42e6a704066f62b861cf9f1fde1f017cf0

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\22350

Filesize
17KB

MD5
d4ec1b7403881fb70c955e3e61623233

SHA1
5418ffa9b5ba98d8d5cc77f00662c6d9ff7d9fdf

SHA256
9ac51cc29dc0f893335bf6f92ae2c550d6fc15fcbbfe621505abb41643c7d4ba

SHA512
bdcdc5adabe0b4718d6cb68da032604b4fea14e5eb6bad36e3dba0969feaf72e62964756bc518ff6a7cca71e14b08c2cfec7b72e0248cd7bd3d730af9f8d3533

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\31048

Filesize
15KB

MD5
a02c0981c2e5039e86e7ee36c1b24710

SHA1
9b02b49927324d38f7405852e91c621144a1e473

SHA256
ddbfa6f422bc59ba6de203e147ad50c9a1b6034b71f478cb2309c0978ae1fef0

SHA512
c9a3f90580627a2c1db8931375280f6b79497c0225d4b47249db946c0cede8850a736ab6479dfb2b96baa6391807d6f8bf31b24913d1d5be50c9ef529c78cf86

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\doomed\3704

Filesize
12KB

MD5
db2ef2e6a944a225848a759e0faee0ff

SHA1
7df48fd807f16858655f44b136e907fc2f29c3ce

SHA256
c7820f5057a669accdfaf18b99a8f19d23a35d715b035ad7d8d35d0445ba8773

SHA512
f1e8fba6f9b4ed1737acd4ea6bd9ef469e44603e3e1fa5c6c9ea4a71995b86a45aeff3f18bd3e275c9ee9814a8170f02369bad56e09eda6bad0df410ebd465bd

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\2E9651084A94439F15F1A96D49B3DBD1AA17212F

Filesize
153KB

MD5
18b40e15ff5d48917c399535d80a971c

SHA1
28cb62d31570a25cca3e29b2d5f64ff5c5fe9836

SHA256
cf5372bf35a446d20c9de9002dbd79aa8bc19ee10a0943059d2f96ea36947cc5

SHA512
fa11f85307843390c73e48d16b48390dcbad163d5b65e90056ede10909da7ebf318542951d936cdaa6da6a153f5f5ba41e654d23ebca655fe9dfc6ff75607ea9

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\38AA56ACF3881A4EA6A8B5F8500B79DB6CB531C2

Filesize
106KB

MD5
ae36e9c3c6024fdf41117fa64b6b73e9

SHA1
16d0d138160fab23c24732540e53b69e9f3b13d3

SHA256
f9a082aef1b3be79e575733c7baf53e4eed67fe17fbdb20dfd2604ddba7fe88a

SHA512
c29cd30f4a5b06483522b4a41211bdc11f1e94cd9948d88ef02cc8c4a4c544cb8136e75f7bcc87791be38ecedd40a0a023961ce6331777da3985b7016c25c750

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\4C214359B7C3B3DC8495D623A5BD96629EBD0FB4

Filesize
2.7MB

MD5
31ec185a5ea96a8dadd8da2fd50325ce

SHA1
fc49f332fb29bab5d8e74a1b7b7a2eab74d4ed02

SHA256
05d9808af918619dc46788fe9329dfbb25b68b2a38bbaaf668d624544b164681

SHA512
c369f48717de3e1ab74ba124b3ddf8e269a294e4add6efc69da0b9844081b7a2a5458198003fd41d921fedbe06fc997a4d13528cecb0e4e8d18b50cf78d14d88

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\5E8056C825B4A9C371623F8E1F2ACB0193202374

Filesize
1.7MB

MD5
717fda469b1e122384b777e63acb2b25

SHA1
972d45a65fcc96b5562a45ba97c07d6bcd607c2f

SHA256
6e4d438c29bfb094b37ced730e5993cc3b0379cefd8e468a2ca7318749e4d287

SHA512
d9df0bd82e989d1910f4dbc3a83422aaf8828c5c28a14bb7e6bacfed77331a3c64582560c3c50cd0d8e56e7264495f9c0446faeec9835caab21bba72e0656962

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\79B0DDE3FA8DCB1BD2B4CA2ED3EB8F3088226A6C

Filesize
412KB

MD5
79c4c06533ea7e41da23a5673e8847d8

SHA1
a4c0839165ea191fb5bf3e3808b0c63041ce7c27

SHA256
72e85bdc2f45efb2cca8df9fade02b374384d6c577b0d5e5545be8646b6408af

SHA512
526b729e5edac6eec2728649adebdaba58898c7f710ad4210b5e471354eb256ac8d1f0c0aaf9f9b4d9047ee84bd098a5ef1a64eb85a8ae3d1d4ae99ebc9d2cf5

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\874F18BED7CB5132715B8A78AD866AC231B4B3F3

Filesize
18KB

MD5
46cf8e9cd020592477a222cdf24fd26e

SHA1
0ea9ecd208d6cd157fd60a8bf23963946137da84

SHA256
291f4b5796b21c118cc25e295d9157066047ff231f5a268f747720cb5179f6a8

SHA512
4c284c65dfeccd8614b29f7e76f794c9a6ce265c5100a672b992a6f5bb94042aba9cf8b73fcfcd59efae82fa94a7a830a18c6be0388ff87de1bc6fb7a31b54f1

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\B5DCF6886EB354CFFEC8F1C82142041710729492

Filesize
4.7MB

MD5
141e37935a1fc0981a6ea128309c4fd9

SHA1
3b7d89c17a66dae14e4b2e8d14546137baf21489

SHA256
db175ea196cea723469747242924f31949b98673a280f13bcd92b8f583849419

SHA512
17bfc4f042c2d5f25ca6773be5afa4d15cb47bdf8c88fc0cf8caa0a8cc5795f3a1fa9151ac8208b2188079832751a5679eca99b8489e4816a6dab65e523dd746

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\B84D38ADB7A975F9F70CCB33B3199CEF4B728165

Filesize
2.2MB

MD5
c2c630c401324562f6950caadf51e3ed

SHA1
8eba667ad71909cd6d68fa752e3a7897a44a9129

SHA256
5a4d585dfa6f17496913a6f44c494814aeb10789acc4724427471c1f96526975

SHA512
83fdf8bd4ca07ed652f1c3639bba2c49e5ad428cb51a807c6e417092f721d2edd9f391c54106e549fba25e6fb475f9c315c0156977cec281e4e0329cc305f468

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\BE76D0829705A3852FD61BF4240B8B76F80547FB

Filesize
61KB

MD5
19f6ea4d6a7b5375a82cdda3ccaa8f07

SHA1
fe1e7615cf500df67da4d00e98cbfcf47ac0bde5

SHA256
27bc17cc41b2ec71d70542bf194c5f66dd2d476d1a1ffbc328c71a5a66cef279

SHA512
ff51aff46e698f3f67f2c9dea337c34425fb4a7e5ce125438d92141eb3443c6baf031a5ac64989a9d4c1aa78ba573e08306353402b88c812871032c40607b1c4

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\C2995AC72A1C82CA460CD55984A64498CDFD69A6

Filesize
960KB

MD5
2000498e43453137cd0dd0041196b086

SHA1
2c54fe0699a586845394c19eabae55634df001ab

SHA256
76e4c0b695ed6924c0c2aa7de2cb571561948924e0dcfeac8a9c7ce42e28510c

SHA512
4ee559cd187277e151a9488fa2a3cc719031ff3089a90ba512e9158b2f42269b820d90091d181acd539ede7636a2b62a925fa35324144c27eaa9c5a436ec234a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\cache2\entries\C72D4296C2EBC6FD41A9F780CD0C8F30F0FF937C

Filesize
13KB

MD5
2a646cfa1c69407648416ca878d9d0b2

SHA1
ebf42aa521c3b6c7257812ca7203d158389658f1

SHA256
f3f667627c1c6df432ec3275c05e0c3e615d1e1f0ef70d56de97ab9e3cfa1cf2

SHA512
bcc5a628d603ad5d15eae41a6c9d43f381636603cd6a85792ab579e4a312f73995a160bac8531f0e4505abafcfe4bd383514b36b58eacf1c290c794858795bda

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\77tfm3lr.default-release\jumpListCache\U1CuR8NHzplZX0CpABMPlw==.ico

Filesize
691B

MD5
42ed60b3ba4df36716ca7633794b1735

SHA1
c33aa40eed3608369e964e22c935d640e38aa768

SHA256
6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8

SHA512
4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
503eb08f84f05348d7c6b12bafdb928c

SHA1
f27990a8e5da030df3570fe34eec6c0cb643d2e1

SHA256
4fbb4b7dcb7bbb5d2b447f4f3a8798357d28f3aef1b87c907be95a42236d774a

SHA512
34de436b95b255bbf54610eb3a1405c1a255a221aee0f1195fadbd3e59c73cf67abdfaa43b16bef627bd2c7e904d3153415674667e433e8a26ec18b2adc4123f

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
20KB

MD5
750299a0b43622b5944a29c9736e34e8

SHA1
4b61124b233ee3d604d458eb6eb66bc374ccc8b7

SHA256
c99444042c14bff11de3545200c978e8da77a967ac2638de83f3904dc4443cd1

SHA512
8d31b8805906094a8a37835fd4b60a928690a4f982c02774d8553b48e83d4485111db826ef422c0f9308dff5131b3c36ac887515dbf9189a2e7585486510ce03

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Filesize
19KB

MD5
93484df8f024b8653469a801101cbe24

SHA1
bc41349ccba9c8e7b7426ec30ac82b3ed070bd95

SHA256
27f53f84bc754a408256641d7b1d23afe2be6a4117c396b2ec6937b1380d43e7

SHA512
fe346d3a83e4904ba676cea68d15e5973b7a056e9e317aa6cb023229060e1bae334317208639e4fdfd61759c6c9fd6664af99ef1488bfa9d8b970d6f4c656a19

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js

Filesize
8KB

MD5
707eccc2fbf9dc73d273b26a844e7f7c

SHA1
94c21181cd1e84b623f39d3b79fca46652e1900d

SHA256
61d9c3dad5277d27a48901a37cff982038afe80756cf90157755a8faedd97212

SHA512
390cf0a71a22eb8b546ec4e62c11b6215d469812b36e88c675665921d5b843733d9080a56fde1233b627266448954469c691b6cd516a047fedf2a6086413e2e0

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js

Filesize
9KB

MD5
975e6696344a8425a8a3e4c6a4b985e3

SHA1
d96dce98ee21ec647e9f4bb0dd624d33215d1516

SHA256
0a083d5c48a3f88f5a974c83ed8052ca6afd339e8a5176ea9602ccb73954b381

SHA512
af2e72528ee3ec83323a9d2ff1d07dbed327f7dea45df22fb8eccc6c3d5f45c37df46107a30468655d1e2e55b415fd5063b6530ef2081b091fb87182f46eed06

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\prefs-1.js

Filesize
7KB

MD5
b25085ac5d7036559c18bcfe0513c585

SHA1
7119d1bac5ff599078ab43cf14d9eac61ddd8853

SHA256
866f2c5f9d52bb3c857d6c2873874d8834a16b9be2b8c0a1acbd9cea40fbaa2b

SHA512
6d762e5e677213667356a0a9f23729ec4d5f9416dc2e9408b473d7baf1a7d047d343d6f9623e1581ca84c8e660ffa146447a610b5b5207295a502bb200b8ccae

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
a95cff7be8dcaa16e20a48cf37ba5d7c

SHA1
b293be723b826fe6b1866e2491485a087c4bdcde

SHA256
0277c4c89ceda23f37d086f03d9cabad5c058e7de40f78ea17af96d40faadba2

SHA512
27b8d496e47a57d0b18598a12e4d52b51ad772c42d0fa560e3e421b842fc2a54e36e81af6c034c351f126a1fbb894d6ca006302610fee835d0aa316b97da5a9f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
23KB

MD5
0a9e1d27c10cd9ef7166400bc9f271d1

SHA1
4fd77c77b22bb4a3b1840690ce5c5416f3842e4c

SHA256
6871e7b2c542c5f85bc293181b18f927f66a0ba3858ef5c959045158735dfce6

SHA512
50b27ec6951e4036c5c7bd54be90fe5166b33cccaa05c74b3f5c722ff946b0a4d8aa3cb36564c90b2ec1bd10ae62b6ef384f59fcc0dccd689f8028749440ddf4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
26KB

MD5
dcbf92788d6f90e9b38eca82fe44e0d2

SHA1
79cdb4c3fe47e34879aecfad33d8d724c67d6f5c

SHA256
a404b4a154fca0878f0c67fa5191423edcae004abd0d5b675dbb4af281f6ba51

SHA512
35bddfdac219495d72de12d20d29365dfc47e0968e4ad6b9fce9b75ad15e0ec4504f4f2e6711651c9fbc29b4b45815082353a9ad22fdaf868c69a782c2fed204

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
24KB

MD5
04e09e7239e89ff50bb240f5aaf7e10a

SHA1
a27b46c7ebb9e4ee5cc20f9b6d6ff4ab3f62d2ad

SHA256
866e51f676972b5fde3794cea95f324a1436942f72a52c2c6abf1faf5df40693

SHA512
8963a74638c3ac5a122e5e573d2461d329cfd0988b89be809ae776d2000c8e539ff4df7cd828cadd75f053ebd3fb2958007936abf8b8121d686767795e553285

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
26KB

MD5
49b09667fc3099787f39b2599f50af12

SHA1
09d99f9bb4450bfe3e1e5daf3fca5d9d86b85c6a

SHA256
275cbed5f7aa5e5ad970cb61c1962cea97f37d7299173de0468ec2b122c247e5

SHA512
b690a9d50f6309053f737576384b27106a8b369c40578b798e7740f0429afdaf27492106314f9547eceaa90e06cc5b85e7b3f0dce473d19e6512c69c24602760

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
29f61f7c470ec9312555106fa43dfb8b

SHA1
e73beea60ca8eeb0fd3a6e14613c35d1d731cf25

SHA256
046d14439ddb56c44c608ca5136d03726f26a54c92baa04457f173b2e7b48c0e

SHA512
d46a2963da615fa69d09d84b749f3e87dea5a34cfbbbe8a9199033c98d9444fd1fd4813efc1a6f1092ac96f97273d5a4724f7dcdd1624e3596efe95a9e4e43a3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
4a3e07d93a87a9c43e821d2260218693

SHA1
ea4cdf36cf5a665b21a28db50ba413b6072b2ab9

SHA256
07af191d8828d7cfffd62d02d8e9ed7058c0b3000bc195c042f50d1e3bb8185a

SHA512
a29b9478e56ab4ea1f867ead5da9e0e88343bfee385d7e268cb5fe04a57f97ee5dde1775c1fd83c3a3e764278e1fe46a8b71a38b64652f4f273d83ed1697b287

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
11KB

MD5
806f041d6ad0c45d75e66eed4ff9e998

SHA1
b1e8aa5b37007f64808ef4cf1a1e7711d1db8fdd

SHA256
68991a3b4435d8d23e4a975d5712a9aaea771a41301ccbc981df7b7e76b2bddd

SHA512
49e35ea58ffc3cec634625cccad075c63184769e64578178a80be278979964158437a32faf8cd973cc1089d901109038d850e4decd593d1f429bf7c59614cbef

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
884b9611d9ae188250e609d08c06cb9b

SHA1
c2e5dd5e4c6914f1a14945349f48acd556a23cea

SHA256
885f0ddee9a462f7c7acfe6684c7571db9d9eae3e3fb410d9171f0fc49ebb52b

SHA512
47b16fd893bc01ab39cdf7555bf294926f14336d4dba3f9834dd09e09e716e247f2cc896ae2230b68808aa9075e30acbeee7a944e0b427d8500487d14c83fe90

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
18KB

MD5
8736b8df1206c95ad55089f80340bc8e

SHA1
ccaa34344692b5a234a57af7dbf99bb381837ce0

SHA256
2432f1701544210bb6a3cc444d2b7fda5638a8e6b649193b9258942dacd83241

SHA512
dca0f594c0d33ee09ff18cd95b3adeb21e3261fea6565da763de52834310d94ded7fcd6263042b2239293be246d2b4986e572a6f66eeed744b24621df68793a4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
1bfb25e6a5e63e6700f5df84f8e580a4

SHA1
fc3521a93b9be57a7ffffe4cfc26ed10c9f1b354

SHA256
97e8e290e2cd4452424feb0597ea2fa7cca75e42fb20e980387a4197102fb815

SHA512
f291036ba34e146d215499f882c13de1454e353daabbdf07078f8fc5a0f5c9392b5d4afe7634f531de7d4fb6b42d87d76cea290fee78aabf509f6e533276ecaa

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
1KB

MD5
321e7e783b3cec0336cdfb95e389fda9

SHA1
57515cd216f5b9e2ebe25324fc37dd163b735433

SHA256
f166158895e94db0a59630123be558624a0860c46de2cf10522385e69878c151

SHA512
b21cd3d6f93d7b307ce6f84c9c2a9f40abfe452e72e9442f4c4abe6043270d439473a93b60336a87dac2a43a0676000d20c4c7026f3999db0a7b6e3efeb94ac8

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
4KB

MD5
87465cf1e6b456665a5392e9989be0bf

SHA1
45e09b96d9d44ebcba43f477345c6842801b9fd1

SHA256
4796df1185d569bd249695d03b633c44bfd17107ac002f4f2fb85a9e448ae328

SHA512
b2b1ee3fbe2d5d4c0d1cce95350c93545ec423f4e77748230633a966f381902f55a22a79f7d5ef66ff0a566304f9a02f5d5f8449874357390f7b4758463da806

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
9KB

MD5
7149c6343ebfeb223baf5692332bce0f

SHA1
06e0a2b7a03be91fd94e8c686a032d38f7115672

SHA256
1f85a59bf555432c2a93b390fd14afe7965d0c37e07e453dbe9ff321aa80845c

SHA512
56470cd71b47dcd63f8fb3503d72205fadd06a071bace0b1a8ce62d536b115f0b355cafb3089447de6b606d50bd0bb1df57e15dcdbc9fb6812abea3caa77cffd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
13KB

MD5
c91d85ee46fe294c899b1c6e4fb844cf

SHA1
5aef8d15acd9564135fdf1029fda67aa71188b44

SHA256
5853e1b62762508317d7adc3ce88906fca0f171c2b71743692b7fefe0af0f8bb

SHA512
aee7fe234b8a601d547a9effa4fc68723e750968d64afb4d4204681cb3e2b377f1315da74051c391f498f9ff6b26c4b7225df8281f9ac24b52c5d3e82dac4df3

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
15KB

MD5
1f4e8976309edfeb054f366b81d783c5

SHA1
c9e5339aba9fb28fd54fab5a99ba05f2188ce911

SHA256
e4c9751c4d56104203e586598a75e708752481ad78014e153a3c95ce82b4d89c

SHA512
88bf8a06f4852b0e32c62276789f7f0d041897495c989e79ff2d7d7dda9bb976c970fb206716eaef1a4f3c0d6f93cd4bb2c11d2bd25ca4315cfa7d53ebc58eb9

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
4c8831b8e6fabb73a5892f1b1e6b90fb

SHA1
7c4d2cc68451e2769261ef196f2349b1373efc8e

SHA256
4fcc4342bf9eee285254695d2c8fd19bde6665e0df26d6b55806f27f347e39c8

SHA512
2b79e085f1a2247d13ef0ca731190eaddb9f90024795ea4c2a4222413c5ab4f200bf46b58d472299391e48a9a206b70584c30acfe890467b4daf72b96fd8d573

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
20KB

MD5
52f6896c999d0e01a026cafe6d9addd8

SHA1
32dc5bb246ba01e989e219fc90f0d25f143da055

SHA256
b63a2f40ecf483f0061b47d5acb3105d6385d5395bc9953c77f29c84b1d14d2c

SHA512
4506f69c4bb44629f391b2d12f34282823f79a4524d2b5e504fa667eb4429cbb8e080e8c65a3142d5edafdfa8d39dacd4aa172b8469c0612e2fec8b9768ed1be

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\77tfm3lr.default-release\storage\default\https+++www.youtube.com^partitionKey=%28https%2Cgoogle.com%29\idb\2171031483YattIedMb.sqlite

Filesize
48KB

MD5
b4c81ce8a0163ca5e733501066fb3114

SHA1
cded9d94b80b99c82e0a14b0564c3066cb7f18f3

SHA256
2dc74e3ce518781b8cce209ae830b36836ddff13fc60c95b341572c0b6d40942

SHA512
e5ce5127b45913b4c47b71690c6a1f699e31174ab504ecbc4a78789c4ef214d06c66f377b4b94e5f80b9b6cf1358474332032c0b7c3604b03caf336d3432911d

Download Submit
C:\Users\Admin\Downloads\BonziKill.S68jUhRI.zip.part

Filesize
4KB

MD5
19e381f5c82235685b160251bd584353

SHA1
ac139672187837b867e19a7d11ce303296e678d8

SHA256
a62d510491db637a25945abb09b09232bca74b0e5d00f0c4d1d77582800fa188

SHA512
7b036eee8c0f247cab010612031db768e46e4ee06b295f9925e1dda77d60a8888a4eb8c406d35e39ebde83aee8862bdb995c4c35a86131c0a32344fbab4b2552

Download Submit
C:\Users\Admin\Downloads\MrsMajor 3._zj2N7k-.0.7z.part

Filesize
234KB

MD5
fedb45ddbd72fc70a81c789763038d81

SHA1
f1ed20c626d0a7ca2808ed768e7d7b319bc4c84a

SHA256
eacd5ed86a8ddd368a1089c7b97b791258e3eeb89c76c6da829b58d469f654b2

SHA512
813c0367f3aeceea9be02ffad4bfa8092ea44b428e68db8f3f33e45e4e5e53599d985fa79a708679b6957cbd04d9b9d67b288137fa71ac5a59e917b8792c8298

Download Submit
C:\Users\Admin\Downloads\MrsMajors.x7hGWS56.rar.part

Filesize
82KB

MD5
66b9286761be09ab34ecbf3f5dfe71ee

SHA1
7c043490a463862c725207e92600444775c02717

SHA256
8b3db4259f953d6e8a6cf533e7c8f5db2e7cc3c09b4fbdcda09da926a17af792

SHA512
2996c32181bbc88b4de507e3c87a5946adcc017d4ad26496a3e48052f5e6d08b62b106fc6a8b63c181b7408802130605522887c955045068de782680aa420454

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.6XjdUCAb.exe.part

Filesize
847KB

MD5
203c5b571ffdad755cf699d6fc012132

SHA1
613b98f7296d0d77e2237550b337d00d3dffeb30

SHA256
7bf00119d12a0fcaf3bdf6888f94349e34554751ba860407b5d2701baf252388

SHA512
98714bb2af346f1c0e3ac818468bf430d5c91378a407e8a8d4de9c0f5133550008ad7ffcada5c12745c01cb929fc9139c0923f13cd62d4849c1c99e467a66640

Download Submit
C:\Users\Admin\Downloads\winrar-x64-700.exe

Filesize
3.8MB

MD5
48deabfacb5c8e88b81c7165ed4e3b0b

SHA1
de3dab0e9258f9ff3c93ab6738818c6ec399e6a4

SHA256
ff309d1430fc97fccaa9cb82ddf3d23ce9afdf62dcf8c69512de40820df15e24

SHA512
d1d30f6267349bb23334f72376fe3384ac14d202bc8e12c16773231f5f4a3f02b76563f05b11d89d5ef6c05d4acaacc79f72f1d617ee6d1b6eddab2b866426af

Download Submit
C:\Users\Admin\Videos\Captures\desktop.ini

Filesize
190B

MD5
b0d27eaec71f1cd73b015f5ceeb15f9d

SHA1
62264f8b5c2f5034a1e4143df6e8c787165fbc2f

SHA256
86d9f822aeb989755fac82929e8db369b3f5f04117ef96fd76e3d5f920a501d2

SHA512
7b5c9783a0a14b600b156825639d24cbbc000f5066c48ce9fecc195255603fc55129aaaca336d7ce6ad4e941d5492b756562f2c7a1d151fcfc2dabac76f3946c

Download Submit
\??\pipe\LOCAL\crashpad_5248_GDBUSVYOFDMOOTEX

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2612-1039-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1050-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1051-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1040-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1041-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1045-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1049-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1048-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1046-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/2612-1047-0x000001F013360000-0x000001F013361000-memory.dmp

Filesize
4KB

Download
memory/5812-1558-0x00000287034A0000-0x0000028703BC9000-memory.dmp

Filesize
7.2MB

Download
memory/5812-1557-0x00000287034A0000-0x0000028703BC9000-memory.dmp

Filesize
7.2MB

Download

Resubmissions

Analysis

Sharing

Errors

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads