Analysis Overview
SHA256
507641e3047216809af93a127af70a266e273cd95c1cfaa06605a753b9166388
Threat Level: Shows suspicious behavior
The file Delta V3.61.zip was found to be: Shows suspicious behavior.
Malicious Activity Summary
Checks computer location settings
Detected potential entity reuse from brand microsoft.
Drops file in Windows directory
Unsigned PE
Program crash
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
Suspicious behavior: MapViewOfSection
Checks processor information in registry
Uses Task Scheduler COM API
Suspicious use of SetWindowsHookEx
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-05 21:10
Signatures
Unsigned PE
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-05 21:10
Reported
2024-05-05 21:13
Platform
win10-20240404-en
Max time kernel
95s
Max time network
96s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe | N/A |
Detected potential entity reuse from brand microsoft.
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 13f099d7309fda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 4bb0afd4309fda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Pack = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{779A51FE-6AB5-4A2B-8CF2-7ECDD102522F} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b5c2c2d4309fda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x10de\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\"" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListDOSTime = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Extensible Cache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-08760 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 63fddcd4309fda01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-3699363923-1875576828-3287151903-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\DynamicCodePolicy = 05000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe
"C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Delta.exe"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.0.142099759\1423442651" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1672 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c87c2f0c-b71e-4ac8-b0f0-bc57dd492174} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 1776 1cf7e4d7e58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.1.682231135\1480707746" -parentBuildID 20221007134813 -prefsHandle 2120 -prefMapHandle 2116 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {245c5cf9-a861-4ce1-b76e-1b006f27a5b4} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2132 1cf7dc30b58 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.2.814307154\472017727" -childID 1 -isForBrowser -prefsHandle 2872 -prefMapHandle 2744 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1e3f7cce-c848-4e0c-933c-64cabf388469} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 2868 1cf0259c758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.3.1807067987\870357290" -childID 2 -isForBrowser -prefsHandle 3316 -prefMapHandle 3312 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1b6dc505-98ae-483f-ba8b-9cfc189fffa6} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 3336 1cf00f27b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.4.1409437770\1595459255" -childID 3 -isForBrowser -prefsHandle 4324 -prefMapHandle 4320 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cef37078-2a10-4bd3-863a-5de2feb7f946} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4256 1cf0456ba58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.5.294704657\804439644" -childID 4 -isForBrowser -prefsHandle 4796 -prefMapHandle 4268 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9dba6591-67f4-4032-b81c-30c51cb732f2} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4804 1cf049c3458 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.6.549382740\1361866971" -childID 5 -isForBrowser -prefsHandle 4948 -prefMapHandle 4952 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ea859d08-7b4f-4c91-90fa-bf538a49d6ae} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 4940 1cf049c4358 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.7.349576314\1617734723" -childID 6 -isForBrowser -prefsHandle 5128 -prefMapHandle 5132 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {91a51f4e-78e8-422e-b02f-37ed958b35f2} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5116 1cf049c4958 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.8.1640631127\1641146351" -childID 7 -isForBrowser -prefsHandle 5836 -prefMapHandle 5832 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {00438e49-711a-4bb2-abc8-336276942cef} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5820 1cf06539258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.9.2086516679\607050455" -childID 8 -isForBrowser -prefsHandle 4940 -prefMapHandle 9668 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {eaf9d8e4-0ab1-42c6-b1d1-236999006b22} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9640 1cf076d6358 tab
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0xf8
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.10.1038501373\402664165" -childID 9 -isForBrowser -prefsHandle 9396 -prefMapHandle 9492 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f802599b-1fff-4e68-9fe6-6520ea9f287a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9440 1cf047f1758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.11.1213085607\1418521765" -childID 10 -isForBrowser -prefsHandle 9488 -prefMapHandle 9248 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3681ed0b-508f-4f7f-81c9-cc143b7ee86c} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9264 1cf06b3ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.12.2017631619\936718831" -childID 11 -isForBrowser -prefsHandle 9064 -prefMapHandle 9060 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9d49900e-2438-41f5-8713-d9453e8f904d} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9068 1cf06def758 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.13.1757163963\1201997898" -childID 12 -isForBrowser -prefsHandle 8988 -prefMapHandle 9080 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f54d6d86-1659-4454-9205-5ac362060143} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9432 1cf06b3ec58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.14.509355392\716056842" -childID 13 -isForBrowser -prefsHandle 8840 -prefMapHandle 8812 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {04ad29a7-d17b-4d61-bdb0-760bb74735c9} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9156 1cf06d43e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.15.2077328623\1138555563" -childID 14 -isForBrowser -prefsHandle 8988 -prefMapHandle 5088 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0233109a-57a3-4b86-9be0-f27066b5e74a} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 5424 1cf06d43558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5084.16.1186719659\508581241" -childID 15 -isForBrowser -prefsHandle 9408 -prefMapHandle 9588 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1284 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {c54b8ba9-e19e-4b76-8d3b-a353a26a0fd7} 5084 "\\.\pipe\gecko-crash-server-pipe.5084" 9484 1cf06d44d58 tab
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | gitlab.com | udp |
| US | 172.65.251.78:443 | gitlab.com | tcp |
| US | 8.8.8.8:53 | discord.gg | udp |
| US | 8.8.8.8:53 | 78.251.65.172.in-addr.arpa | udp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 162.159.136.234:443 | discord.gg | tcp |
| US | 8.8.8.8:53 | 234.136.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.msn.com | udp |
| US | 8.8.8.8:53 | assets.msn.com | udp |
| US | 2.16.106.140:443 | assets.msn.com | tcp |
| US | 2.16.106.140:443 | assets.msn.com | tcp |
| US | 2.16.106.140:443 | assets.msn.com | tcp |
| US | 2.16.106.140:443 | assets.msn.com | tcp |
| US | 8.8.8.8:53 | 140.106.16.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 44.239.14.124:443 | shavar.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49886 | tcp | |
| US | 8.8.8.8:53 | 124.14.239.44.in-addr.arpa | udp |
| N/A | 127.0.0.1:49892 | tcp | |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 128.116.99.4:80 | roblox.com | tcp |
| US | 128.116.99.4:80 | roblox.com | tcp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 8.8.8.8:53 | roblox.com | udp |
| US | 128.116.99.4:443 | roblox.com | tcp |
| US | 8.8.8.8:53 | www.roblox.com | udp |
| US | 8.8.8.8:53 | 4.99.116.128.in-addr.arpa | udp |
| GB | 128.116.119.4:443 | www.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-default-px.roblox.com | udp |
| GB | 128.116.119.4:443 | us-central-default-px.roblox.com | udp |
| US | 8.8.8.8:53 | css.rbxcdn.com | udp |
| US | 8.8.8.8:53 | static.rbxcdn.com | udp |
| US | 2.18.190.70:443 | static.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | a1992.w27.akamai.net | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 2.18.190.79:443 | css.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | a1962.dscw27.akamai.net | udp |
| US | 8.8.8.8:53 | js.rbxcdn.com | udp |
| US | 8.8.8.8:53 | images.rbxcdn.com | udp |
| US | 8.8.8.8:53 | a1992.w27.akamai.net | udp |
| US | 8.8.8.8:53 | a1962.dscw27.akamai.net | udp |
| HR | 65.9.25.2:443 | js.rbxcdn.com | tcp |
| HR | 65.9.25.2:443 | js.rbxcdn.com | tcp |
| HR | 65.9.25.2:443 | js.rbxcdn.com | tcp |
| HR | 65.9.25.2:443 | js.rbxcdn.com | tcp |
| HR | 65.9.25.2:443 | js.rbxcdn.com | tcp |
| HR | 65.9.25.2:443 | js.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| US | 8.8.8.8:53 | dw04ej0wrfjel.cloudfront.net | udp |
| US | 8.8.8.8:53 | dapx4swc8lj69.cloudfront.net | udp |
| US | 128.116.99.4:443 | roblox.com | udp |
| HR | 65.9.25.71:443 | dapx4swc8lj69.cloudfront.net | tcp |
| US | 8.8.8.8:53 | 4.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 70.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.25.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 71.25.9.65.in-addr.arpa | udp |
| US | 8.8.8.8:53 | metrics.roblox.com | udp |
| US | 8.8.8.8:53 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | apis.rbxcdn.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 2.18.190.83:443 | apis.rbxcdn.com | tcp |
| US | 8.8.8.8:53 | a1818.b.akamai.net | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | tcp |
| US | 8.8.8.8:53 | a1818.b.akamai.net | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| GB | 128.116.119.4:443 | apis.roblox.com | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 83.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ecsv2.roblox.com | udp |
| GB | 128.116.119.3:443 | ecsv2.roblox.com | tcp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | us-central-origin-px.roblox.com | udp |
| GB | 128.116.119.3:443 | us-central-origin-px.roblox.com | udp |
| US | 8.8.8.8:53 | 3.119.116.128.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.21.17.194:443 | www.microsoft.com | tcp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e13678.dscb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | 194.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | xbox.com | udp |
| NL | 20.76.201.171:443 | xbox.com | tcp |
| US | 8.8.8.8:53 | xbox.com | udp |
| US | 8.8.8.8:53 | xbox.com | udp |
| US | 8.8.8.8:53 | www.xbox.com | udp |
| BE | 23.55.96.62:80 | www.xbox.com | tcp |
| US | 8.8.8.8:53 | e1822.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e1822.dsca.akamaiedge.net | udp |
| BE | 23.55.96.62:443 | e1822.dsca.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | 62.96.55.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.201.76.20.in-addr.arpa | udp |
| BE | 23.55.96.62:443 | e1822.dsca.akamaiedge.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| BE | 2.21.17.194:443 | e13678.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | assets-www.xbox.com | udp |
| US | 8.8.8.8:53 | assets.adobedtm.com | udp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| US | 8.8.8.8:53 | store-images.microsoft.com | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | tcp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | wcpstatic.microsoft.com | udp |
| BE | 2.21.17.194:443 | e13678.dscb.akamaiedge.net | tcp |
| US | 8.8.8.8:53 | mem.gfx.ms | udp |
| US | 23.53.113.19:443 | assets.adobedtm.com | tcp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | e7808.dscg.akamaiedge.net | udp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 13.107.246.64:443 | mem.gfx.ms | tcp |
| US | 8.8.8.8:53 | a1449.dscg2.akamai.net | udp |
| US | 8.8.8.8:53 | e12564.dspb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e12564.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 8.8.8.8:53 | e12564.dspb.akamaiedge.net | udp |
| US | 8.8.8.8:53 | e12564.dscg.akamaiedge.net | udp |
| US | 8.8.8.8:53 | part-0036.t-0009.t-msedge.net | udp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 23.53.113.192:443 | e12564.dscg.akamaiedge.net | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | udp |
| US | 8.8.8.8:53 | 14.25.17.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 19.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 64.246.107.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.17.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 192.113.53.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 49.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | js.monitor.azure.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| US | 8.8.8.8:53 | login.microsoftonline.com | udp |
| US | 13.107.246.64:443 | js.monitor.azure.com | tcp |
| IE | 20.190.159.73:443 | login.microsoftonline.com | tcp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | udp |
| US | 8.8.8.8:53 | www.tm.ak.prd.aadg.trafficmanager.net | udp |
| US | 8.8.8.8:53 | www.clarity.ms | udp |
| US | 13.107.246.64:443 | www.clarity.ms | tcp |
| BE | 23.55.96.62:443 | assets-www.xbox.com | tcp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 8.8.8.8:53 | 73.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | clarity-ingest-eus2-e-sc.eastus2.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | emerald.xboxservices.com | udp |
| US | 13.107.246.64:443 | emerald.xboxservices.com | tcp |
| US | 13.107.246.64:443 | emerald.xboxservices.com | tcp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 52.168.117.175:443 | browser.events.data.microsoft.com | tcp |
| US | 52.168.117.175:443 | browser.events.data.microsoft.com | tcp |
| US | 8.8.8.8:53 | onedscolprdeus19.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdeus19.eastus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | 119.190.114.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 175.117.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | logincdn.msftauth.net | udp |
| US | 8.8.8.8:53 | cs1227.wpc.alphacdn.net | udp |
| US | 192.229.221.185:443 | cs1227.wpc.alphacdn.net | tcp |
| US | 192.229.221.185:443 | cs1227.wpc.alphacdn.net | tcp |
| US | 8.8.8.8:53 | cs1227.wpc.alphacdn.net | udp |
| US | 8.8.8.8:53 | 185.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | x.clarity.ms | udp |
| US | 20.114.190.119:443 | x.clarity.ms | tcp |
| US | 104.17.25.14:443 | cdnjs.cloudflare.com | udp |
| US | 8.8.8.8:53 | browser.events.data.microsoft.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus02.westus.cloudapp.azure.com | udp |
| US | 8.8.8.8:53 | onedscolprdwus02.westus.cloudapp.azure.com | udp |
| IE | 20.190.159.73:443 | www.tm.ak.prd.aadg.trafficmanager.net | tcp |
| US | 8.8.8.8:53 | www.tm.v4.a.prd.aadg.akadns.net | udp |
| US | 192.229.221.185:443 | cs1227.wpc.alphacdn.net | tcp |
| US | 20.189.173.3:443 | onedscolprdwus02.westus.cloudapp.azure.com | tcp |
| US | 8.8.8.8:53 | onedscolprdwus02.westus.cloudapp.azure.com | udp |
Files
memory/212-0-0x0000000073DCE000-0x0000000073DCF000-memory.dmp
memory/212-1-0x00000000002B0000-0x00000000013B6000-memory.dmp
memory/212-2-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/212-3-0x0000000005CE0000-0x0000000005CE8000-memory.dmp
memory/212-4-0x0000000005E40000-0x0000000005E78000-memory.dmp
memory/212-5-0x0000000005F30000-0x0000000005FE0000-memory.dmp
memory/212-6-0x0000000006360000-0x00000000063D6000-memory.dmp
memory/212-9-0x00000000064E0000-0x0000000006502000-memory.dmp
memory/212-10-0x0000000006510000-0x000000000652E000-memory.dmp
memory/212-11-0x00000000069C0000-0x0000000006D10000-memory.dmp
memory/212-12-0x0000000006E30000-0x0000000006ECC000-memory.dmp
memory/212-13-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/212-14-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/212-15-0x000000000B970000-0x000000000B978000-memory.dmp
memory/212-19-0x000000000ED10000-0x000000000F20E000-memory.dmp
memory/212-20-0x000000000CD00000-0x000000000CD92000-memory.dmp
memory/5100-22-0x000001D7E0B20000-0x000001D7E0B30000-memory.dmp
memory/5100-38-0x000001D7E0C20000-0x000001D7E0C30000-memory.dmp
memory/5100-57-0x000001D7DDF40000-0x000001D7DDF42000-memory.dmp
memory/4256-65-0x000001FF88600000-0x000001FF88700000-memory.dmp
memory/4256-67-0x000001FF88600000-0x000001FF88700000-memory.dmp
memory/436-86-0x000002B581C00000-0x000002B581D00000-memory.dmp
memory/212-89-0x0000000073DCE000-0x0000000073DCF000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFCA47FD0DAD7E21B5.TMP
| MD5 | 698d52f074e9666451f29a1452c18246 |
| SHA1 | a459a88000a455ac6f104594914d9acb9cac6bd7 |
| SHA256 | b678b75a2a93753d2343db077d66cade959fe192b6d75fad34ddd536c4f0dca1 |
| SHA512 | ee2412b7bbe006523530b5bd8bf2cee79fd365cde83b269bffe29ecec31741b89ce6eced9beefe7c271445bd69e8d55d7b44a762b9d2a7da504ef8e5edaa4c00 |
memory/5100-95-0x000001D7DDFD0000-0x000001D7DDFD2000-memory.dmp
memory/5100-98-0x000001D7DDF70000-0x000001D7DDF71000-memory.dmp
memory/5100-102-0x000001D7DDF30000-0x000001D7DDF31000-memory.dmp
memory/212-106-0x0000000073DC0000-0x00000000744AE000-memory.dmp
memory/212-107-0x0000000073DC0000-0x00000000744AE000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\db\data.safe.bin
| MD5 | bcd8470ec0dc30e9f45094993d896776 |
| SHA1 | aeb23881152173526b8e92c4fc36be454a35e696 |
| SHA256 | 50717ee848ebcb6fd05870b832798abcd8b1c27f5336f7112193c5c299320b4f |
| SHA512 | 9a070a216a6477d3eb4c76859c9f4f08345a54ca0ce2fd8ae5ecf07dfdab4596053b057da716d6f4c0d5cb95ac463be190a5651fa29fafe00ea5198ed33e39aa |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\49fcfdcc-56a0-4621-bfd3-9fa3b25247a1
| MD5 | 2a62d7a7c3e6a07064b514b540bd8491 |
| SHA1 | bf25451f7b74ec67105baacb85852bc9ac9dcc57 |
| SHA256 | c8ae6a42c2b7c4e1bfb8923fe29a046b26ec7682badbb93bfa81016e1c91aa23 |
| SHA512 | 9d2b7df84724e359cf233bf4933c4e4ad57bebb53a27eb78733126fe420a9842454b2caf2299ccb76531318859465bcb5a0be31226ded01648945a5dd515f39c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\datareporting\glean\pending_pings\f9da9adc-4f8b-49f9-ad80-bd0c68ef4eb3
| MD5 | efdddf085866d7c3f6949949dde03201 |
| SHA1 | ffc6a3c124912623d68c06f9b2e269b54c485f82 |
| SHA256 | 022ca06a1e7be58f155014e29d943ec3fc69f932b4cb7baa49d9aa56e6abfa1e |
| SHA512 | 3449c66e8f60f8588aee17ab051e43d4d296e7fb51276c7497d47fd4b2276a251aa57ed23d0e80069c594684d2da2ede8b46f13da5794c8939bb4c7e3a5ea2f3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | cd8e3413f6cd437674fd43a27ec62ba2 |
| SHA1 | 44c6fdf1971a385326b106413a41a3cc5f0e4ed6 |
| SHA256 | 2361b737f1667d850c493c4659b7fcc01ca63037465ce17013e45fde87a30ccd |
| SHA512 | 9b9baab803c446b041814102589481d8b834c349cde98b55fc52a5dcf4e777acf702c48099eede91f95dc13ded89933866fdd9cf91b2222e046cb1c5b03289f2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\prefs-1.js
| MD5 | 5d16583050e72274649d5616b20575a6 |
| SHA1 | 1f795ae43ee31e8a8a7dc0feb2f86ece333b6a50 |
| SHA256 | cedf2468eb34aea772989534bf1c5de8111878708d4d53f246155a7b699f2a1c |
| SHA512 | 1eea8339ac1702d78c856823960c474acc826563fc9f89ee7230dd616ae43eb3fe842ab99f59dca68e12d08838bafc3cf90dd54e2a1a779735a41efbc554070b |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\storage\default\https+++www.xbox.com\idb\3155603766SrterledanmaCHlgioeLn.sqlite
| MD5 | 6d623d0ef3db15a0d9b857df6ef1d849 |
| SHA1 | e03985d6c8b69c3a904fc25ec9047fd58f729b2b |
| SHA256 | 92d89ce5a95e04af1a4be83374f20fbb5cea9b4942c7ee16182bf53345ccc42b |
| SHA512 | 9faa28d1e1c8fb7a486e6e3036c1ce21ba435c915880bc4736aa18018661f398f62c99743eeea2bc9d51c7d36cf2d9950d453151992a4993cefb5fe681addde8 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d225f0b4432876d79b880502fdc95ce5 |
| SHA1 | 0b75b61aea654df0c2153d90ec72522b13734162 |
| SHA256 | 22d9a5fae58bfbe4d0b06a04c002c96d3bef5562f7eebfdf2a4a99171adbb637 |
| SHA512 | c122f423af2282c1336f40361557dbfd4b847c4af4914bdf6c6c10f8d0af5fa92de5c8066edbb40cc23927fb999ce2de4c489474f4cb593ecf0cc2b274c0089f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionstore.jsonlz4
| MD5 | e466cd787ad0221ba824dd289e7def97 |
| SHA1 | 29fb0236f838b100d72c6c34044c17c3c5c20cd0 |
| SHA256 | 6d79470c67592312561a3759414ea1f9c6ec934895fdbbea812a952ae983cae3 |
| SHA512 | 6bea789eb24bc3c8900aeb9047c4b9adb3fcfb892d03a4ce3ce972934f5ab7dd3d933ea0bae527052cca42696c874766a6025501977fe4ca77efbf2cea7aca61 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\je1358xf.default-release\sessionCheckpoints.json.tmp
| MD5 | e6c20f53d6714067f2b49d0e9ba8030e |
| SHA1 | f516dc1084cdd8302b3e7f7167b905e603b6f04f |
| SHA256 | 50a670fb78ff2712aae2c16d9499e01c15fddf24e229330d02a69b0527a38092 |
| SHA512 | 462415b8295c1cdcac0a7cb16bb8a027ef36ae2ce0b061071074ac3209332a7eae71de843af4b96bbbd6158ca8fd5c18147bf9a79b8a7768a9a35edce8b784bf |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-05 21:10
Reported
2024-05-05 21:14
Platform
win10-20240404-en
Max time kernel
133s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\ICSharpCode.AvalonEdit.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 19.229.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.8.0.8.0.8.0.8.0.ip6.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral3
Detonation Overview
Submitted
2024-05-05 21:10
Reported
2024-05-05 21:14
Platform
win10-20240404-en
Max time kernel
133s
Max time network
135s
Command Line
Signatures
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\Newtonsoft.Json.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 79.190.18.2.in-addr.arpa | udp |
Files
Analysis: behavioral4
Detonation Overview
Submitted
2024-05-05 21:10
Reported
2024-05-05 21:14
Platform
win10-20240404-en
Max time kernel
134s
Max time network
136s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5100 wrote to memory of 5112 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5100 wrote to memory of 5112 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5100 wrote to memory of 5112 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\590.dll",#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 5112 -s 724
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 66.43.201.23.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 3.173.189.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
Files
memory/5112-0-0x0000000000E10000-0x0000000000E11000-memory.dmp
Analysis: behavioral5
Detonation Overview
Submitted
2024-05-05 21:10
Reported
2024-05-05 21:14
Platform
win10-20240404-en
Max time kernel
134s
Max time network
136s
Command Line
Signatures
Program crash
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\WerFault.exe | C:\Windows\SysWOW64\rundll32.exe |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 4184 wrote to memory of 4628 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4184 wrote to memory of 4628 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 4184 wrote to memory of 4628 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\592.dll",#1
C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -u -p 4628 -s 724
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 64.43.201.23.in-addr.arpa | udp |
| US | 52.111.227.14:443 | tcp | |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
Files
memory/4628-0-0x0000000000CF0000-0x0000000000CF1000-memory.dmp
Analysis: behavioral6
Detonation Overview
Submitted
2024-05-05 21:10
Reported
2024-05-05 21:14
Platform
win10-20240404-en
Max time kernel
134s
Max time network
144s
Command Line
Signatures
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\rundll32.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 5076 wrote to memory of 4968 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5076 wrote to memory of 4968 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
| PID 5076 wrote to memory of 4968 | N/A | C:\Windows\system32\rundll32.exe | C:\Windows\SysWOW64\rundll32.exe |
Processes
C:\Windows\system32\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1
C:\Windows\SysWOW64\rundll32.exe
rundll32.exe "C:\Users\Admin\AppData\Local\Temp\Delta V3.61\bin\Fluxteam_net_API.dll",#1
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 11.227.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 88.16.208.104.in-addr.arpa | udp |
Files
memory/4968-1-0x00000000738F0000-0x0000000074278000-memory.dmp
memory/4968-0-0x00000000031C0000-0x00000000031C1000-memory.dmp
memory/4968-2-0x00000000738F6000-0x0000000073C4A000-memory.dmp
memory/4968-3-0x00000000738F0000-0x0000000074278000-memory.dmp