c1bc0af0c55281609ceb3d51ca277ccc703b7b9acaef219a8dd22933c0ad3ff0

Analysis

max time kernel
63s
max time network
73s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
11/05/2024, 07:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MADARA.exe
Size

699KB
MD5

6f6809f59effeb683bf84b15dcf1c2c1
SHA1

100ba07752ecce8c98b980de2d6848445f058a0c
SHA256

c1bc0af0c55281609ceb3d51ca277ccc703b7b9acaef219a8dd22933c0ad3ff0
SHA512

ba2fd5746475398d59bfec006e036feaf4ffaf73d17698c02b16766a1e85bb590eb02f9f9a80cd04e54f828de2b32c18b3fe2ba4dbff634ddaba1f7f066bc56f
SSDEEP

12288:Kh1Lk70TnvjcHW06BoF6NobATJlLY8/zm58Iz/fFOeDDtZINWXKSaQA:uk70Trcd46bClh8z/9VDfc0KfQA

Score

7^/10

Malware Config

Signatures

.NET Reactor proctector 35 IoCs

Detects an executable protected by an unregistered version of Eziriz's .NET Reactor.

resource	yara_rule
behavioral1/memory/2764-1-0x0000000004CA0000-0x0000000004D6C000-memory.dmp	net_reactor
behavioral1/memory/2764-4-0x0000000004BD0000-0x0000000004C98000-memory.dmp	net_reactor
behavioral1/memory/2764-24-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-32-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-52-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-71-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-69-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-67-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-64-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-62-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-60-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-58-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-56-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-54-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-50-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-48-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-46-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-44-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-42-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-40-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-38-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-36-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-34-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-30-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-28-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-26-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-22-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-20-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-19-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-16-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-14-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-12-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-11-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-8-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor
behavioral1/memory/2764-7-0x0000000004BD0000-0x0000000004C94000-memory.dmp	net_reactor

Checks computer location settings 2 TTPs 1 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Control Panel\International\Geo\Nation	MADARA.exe

Drops file in Windows directory 8 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingDelete\C:\Users\Admin\AppData\Local\Packa = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{A8A88C49-5EB2-4990-A1A2-087602 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 08bb5bce73a3da01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 86fdf6cb73a3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ServiceUI\IsSignedIn = "0"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\DynamicCodePolicy = 00000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\Main	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\DynamicCodePolicy = 05000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 9e2e17d073a3da01	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modify = "1"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus\ACGPolicyState = "6"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DeviceId = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\ClearBrowsingHistoryOnStart = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "262144"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-160447019-1232603106-4168707212-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\IETld\LowMic	MicrosoftEdge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2764	MADARA.exe

Suspicious behavior: MapViewOfSection 6 IoCs

pid	Process
516	MicrosoftEdgeCP.exe
516	MicrosoftEdgeCP.exe
516	MicrosoftEdgeCP.exe
516	MicrosoftEdgeCP.exe
2212	MicrosoftEdgeCP.exe
2212	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 9 IoCs

description	pid	Process
Token: SeDebugPrivilege	2764	MADARA.exe
Token: SeDebugPrivilege	1348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1348	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4152	MicrosoftEdge.exe
Token: SeDebugPrivilege	4152	MicrosoftEdge.exe
Token: SeDebugPrivilege	768	firefox.exe
Token: SeDebugPrivilege	768	firefox.exe

Suspicious use of FindShellTrayWindow 4 IoCs

pid	Process
768	firefox.exe
768	firefox.exe
768	firefox.exe
768	firefox.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
768	firefox.exe
768	firefox.exe
768	firefox.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
4152	MicrosoftEdge.exe
516	MicrosoftEdgeCP.exe
1348	MicrosoftEdgeCP.exe
516	MicrosoftEdgeCP.exe
3460	MicrosoftEdgeCP.exe
4336	MicrosoftEdge.exe
2212	MicrosoftEdgeCP.exe
2212	MicrosoftEdgeCP.exe
768	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 516 wrote to memory of 1472	516	MicrosoftEdgeCP.exe	77
PID 516 wrote to memory of 1472	516	MicrosoftEdgeCP.exe	77
PID 516 wrote to memory of 1472	516	MicrosoftEdgeCP.exe	77
PID 516 wrote to memory of 1472	516	MicrosoftEdgeCP.exe	77
PID 516 wrote to memory of 1472	516	MicrosoftEdgeCP.exe	77
PID 516 wrote to memory of 1472	516	MicrosoftEdgeCP.exe	77
PID 2212 wrote to memory of 4448	2212	MicrosoftEdgeCP.exe	82
PID 2212 wrote to memory of 4448	2212	MicrosoftEdgeCP.exe	82
PID 2212 wrote to memory of 4448	2212	MicrosoftEdgeCP.exe	82
PID 2212 wrote to memory of 4448	2212	MicrosoftEdgeCP.exe	82
PID 2212 wrote to memory of 4448	2212	MicrosoftEdgeCP.exe	82
PID 2212 wrote to memory of 4448	2212	MicrosoftEdgeCP.exe	82
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 4880 wrote to memory of 768	4880	firefox.exe	85
PID 768 wrote to memory of 2856	768	firefox.exe	86
PID 768 wrote to memory of 2856	768	firefox.exe	86
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87
PID 768 wrote to memory of 4372	768	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Users\Admin\AppData\Local\Temp\MADARA.exe
"C:\Users\Admin\AppData\Local\Temp\MADARA.exe"
1⤵
- Checks computer location settings
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
PID:2764

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4152

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:876

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:516

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:1348

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:1472

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:3460

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:4336

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:4120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2212

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4448

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:4880
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:768
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.0.1161440639\1934544269" -parentBuildID 20221007134813 -prefsHandle 1704 -prefMapHandle 1700 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e1126589-d73c-4e19-8203-675ffefe07d5} 768 "\\.\pipe\gecko-crash-server-pipe.768" 1780 14cbb6d7858 gpu
    3⤵
    PID:2856
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.1.662551489\685721221" -parentBuildID 20221007134813 -prefsHandle 2124 -prefMapHandle 2120 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f473e801-650c-4774-a497-aea2000496dd} 768 "\\.\pipe\gecko-crash-server-pipe.768" 2136 14cbb231758 socket
    3⤵
    - Checks processor information in registry
    PID:4372
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.2.684434226\1636431594" -childID 1 -isForBrowser -prefsHandle 3060 -prefMapHandle 3268 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e4874f7f-afc2-4d6b-b3bb-9ef21862dcd2} 768 "\\.\pipe\gecko-crash-server-pipe.768" 2800 14cbf7e2858 tab
    3⤵
    PID:4628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.3.668903737\1158610799" -childID 2 -isForBrowser -prefsHandle 3424 -prefMapHandle 3420 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7b4c3985-7bf7-4d70-9131-5d00b233b83a} 768 "\\.\pipe\gecko-crash-server-pipe.768" 3448 14cbe19b258 tab
    3⤵
    PID:32
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.4.1559353942\110528895" -childID 3 -isForBrowser -prefsHandle 4088 -prefMapHandle 4008 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a6b7183-a458-49c7-a6d8-33aac6670fc9} 768 "\\.\pipe\gecko-crash-server-pipe.768" 4112 14cc087b758 tab
    3⤵
    PID:3064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.5.1067715305\1336353821" -childID 4 -isForBrowser -prefsHandle 4812 -prefMapHandle 4784 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {2e8b6133-4e11-4740-80ea-40593a58620b} 768 "\\.\pipe\gecko-crash-server-pipe.768" 4820 14cc087db58 tab
    3⤵
    PID:1488
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.6.1032773784\1454914876" -childID 5 -isForBrowser -prefsHandle 4980 -prefMapHandle 4984 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d518273c-76e4-4779-914e-8892d41a5dc6} 768 "\\.\pipe\gecko-crash-server-pipe.768" 4972 14cc1afc858 tab
    3⤵
    PID:4228
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.7.63775931\563914877" -childID 6 -isForBrowser -prefsHandle 5164 -prefMapHandle 5168 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e9ba0e67-a887-4cfa-b174-a35bdab78b7b} 768 "\\.\pipe\gecko-crash-server-pipe.768" 5156 14cc1afc558 tab
    3⤵
    PID:2124
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.8.580751039\806733466" -childID 7 -isForBrowser -prefsHandle 5540 -prefMapHandle 5808 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {ed2ac3f9-e686-4663-ab28-63299428db9e} 768 "\\.\pipe\gecko-crash-server-pipe.768" 5832 14cc3fedb58 tab
    3⤵
    PID:5664
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.9.458188679\561635439" -parentBuildID 20221007134813 -prefsHandle 6840 -prefMapHandle 5540 -prefsLen 26424 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {142d462e-407e-4e11-8ece-621a717d7ec0} 768 "\\.\pipe\gecko-crash-server-pipe.768" 6048 14cc40c2358 rdd
    3⤵
    PID:5704
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="768.10.987902545\1806991945" -childID 8 -isForBrowser -prefsHandle 9832 -prefMapHandle 9860 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cecfbc9f-1ced-49ae-87f2-e9343047e3f3} 768 "\\.\pipe\gecko-crash-server-pipe.768" 9856 14cbe6fdc58 tab
    3⤵
    PID:6132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\KCGDB1QG\favicon[1].svg

Filesize
2KB

MD5
45cf581d4e82f35461739fbaa8cb59f2

SHA1
05bac59a79392ad4f4257bb9f71011460d0309f3

SHA256
53530b446ac1c0b52f16be45898eed9997f05a2f2441deed69922409a1fa4bfd

SHA512
aeacb64b4a2eb1b124473719e51716887559d8cbf31bfe49ec63bbc0fabb04212c19adc48fab4cfe9d3fa9a1e1ad4c6f22279fb66cc0b36d6a7931ea9e217366

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\OGLYCD4S\favicon[1].ico

Filesize
33KB

MD5
a3744605defc9be34f55f5ea49d56587

SHA1
65e59f84fde2b5b705ac6ce236b0989a0c541b54

SHA256
aefd76f9f02f35cb2f6e7f512ab157f44474a1a8b0b869590e7b602ef3e87af2

SHA512
fbcaeb584419a37f1cac73541198dd2f87c38a40792f07af9f9aa18d22573e132d5fa6a9276edc377129e8ddfda560995d8a56adb9f1dd4dd6f0a10cd6108337

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
cf14c48dd9d1feeb91e8f687088740bd

SHA1
fe3d404433fd30f1c2457aa0d2149a2e7d5856d0

SHA256
01521dfb80b6858e71fa5b452a7fa261030ff2ce30142fc428c189e8c1f16d5f

SHA512
a07f43cb24d661d606ba26db5b6513f9e8f0d0cda6660f301874de82dd4b5a7ebbce93167e39069665705b86fc61fd7a2021488d2b6645d426961485fb5841a4

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\itv2p09\imagestore.dat

Filesize
42KB

MD5
93800f2b1424af1c858684d266ecdaac

SHA1
3f638ffbbbf467297712bd7ad5f4a23eab65d95d

SHA256
be2534572c366191849ca81dfe25e672081a7025ab84507df865e427a7bdaaf1

SHA512
d1fae1d62713b21d7cdacba00d36c1fc2e27ed1d37121077747979f85c3bd60eb78fef7fc28dcf88e774b4e559ba14a1aaf4719ef4e7df0095a9e3e3c5058f90

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DF249DA4E78676F7BB.TMP

Filesize
16KB

MD5
59caf0d90e87a44ebbcac8a277c1ad5b

SHA1
897f7de485b6381e243ba66e78c6513296a9c22c

SHA256
ad467236abb5a094eee15d138470de8420b3fe116a912d612863371fdfaac227

SHA512
af89b1be2643c60f44f74eb4b92880aa309241058c9aaa8f34609eaf728751f87870ceaad512cabe3e2ed789f3bc7447c1826292322113ef553d55e79b81b28e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLGUFU1D\creative-bloq-290920221002[1].svg

Filesize
9KB

MD5
177273de07260e6517c3a1a27df6f5a2

SHA1
be24ca001eb64c968235ccd88ff4b499eb772f09

SHA256
ac933042373c0d27422764908dafaeb1e119b3a5c49682c47ba31d723726f377

SHA512
8dd0e467fc5798df8986278713ad321c7098b5e263e8dd5678905ec7ac9418e15dd129826234c91760cfb749aa93940bf7b59f4926be6acca204e7bd4407bc82

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLGUFU1D\digitalarts-editors-choice-090520190839[1].svg

Filesize
10KB

MD5
29ae3a5cd0f49668fafd4cc2464d65d3

SHA1
08300fea69b4f477dee4dec2f5eaf3eef0e5cad7

SHA256
ac0d195fe975e84b10492451111e09b9253ef53fa708530b4c76a53770392985

SHA512
f07aed8f15940724f9aa93a82ea753dd9d70e33360f0402a49617e2696a662a3d94da85ebcd18bb4b7e9e1bf0ae4028d3d4959b0796cca9d63ab4f4c43cf680d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLGUFU1D\en-gb[1].htm

Filesize
74KB

MD5
153d292df41f8a38d4e07cc2bba83795

SHA1
643c3370fe850c308e60a53fd678bb05cd15a745

SHA256
1f88980f51ba86503b7ce2fb1fa3d82faf8e5d454f7f1d65793ca43396df71fc

SHA512
92c3fe27999bf4938ba7aa1fba9c2457c28c5e68e3b05c283423c4628613e6c088630ad450d3765efbae259019b5b52c09e5ac6f27bde917e689556a95ba3ed8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLGUFU1D\pcpro-app-of-year-090520190839[1].svg

Filesize
5KB

MD5
94ac4d92bede036e978c8dbac729ce2b

SHA1
7c39ec90dfaa92ccd8834342497475603043e88f

SHA256
fa8ceabc97f3c10e529b9a6ac35a9915f49475a12cb2e4b47682b2182383d809

SHA512
941a852f9135887bfe6e73a3da6d8d49f3c4688d8a122ad2452b43920e1b068bb882bce665cf3884272a98617d4152409f0ed14192fa32c2c89ef48ab8422a06

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLGUFU1D\photo-news-award-090520190839[1].svg

Filesize
1KB

MD5
d5afe9bee3b2c2e07ea6c80f5de9ca16

SHA1
670d4663b310878cf6b8dd0141c91a43da33a447

SHA256
c208cf728e8b67d3d1a72a395dffe264bc68c622c20e0487c988376f68cf66bb

SHA512
7c3de4c0ab3bab6179dad2145dc683991b8a14f712619fcc9477871966d392bb491887060335d90e0944920cf371c3f56374cb485508f9007d7ce3cc0752d17c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HLGUFU1D\windows-developer-award-090520190839[1].svg

Filesize
18KB

MD5
702bb1bab6d99d900b74fc34f550adc8

SHA1
86409b0963b1e529f1afc28df0ba1d2eb8cc7b93

SHA256
8f662ab88e0bc026d9d60b78efbfe8a17bef233fc993109ab1bd9e498bc74571

SHA512
4bcf2bd2ab6976609d5edb9473db9439398896c55e299a1aedc6b92a0c07a3ebb5cc6fed1a27a2d55a17164ca66f4db01045054f4b7fdcfcf99ae2ed335a67d3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M1K892EY\apple-design-award-090520190839[1].svg

Filesize
5KB

MD5
38e5a7f0c43bd0fcf263b8ae9da4bfd7

SHA1
c316dd43a55e2416bc6d589c5a1a76e3a01625f8

SHA256
5a83f9c9c4c89ef4f363d79749a92307c94c7326307a6fa7290712217eb14e1b

SHA512
63a31c8f7a08e9008bd627402cca21c335a98eab02b886691fb16774a5cadfdfbbf8fdcdb8af87c35380124a30d171a197277e70777e79ac11aedf8eb1b532da

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M1K892EY\home-tiger-3-060220241120--md@2x[1].webp

Filesize
15KB

MD5
7997393376893b31b8584f96b0f3c851

SHA1
73b776b74bb0438ccacb1ecd144192b18e49c0c0

SHA256
4ec4b530dcb7aa893711208702b6be3c0ac2a034eaeee93e47f11c78bc6bef1d

SHA512
b958d8b50f9890d5651aaab43d32491e7602addd297e2fc417f40d2c56648f8613574f528531aff7e4becc6d0194bac62f919e76728c2209f5818dc68b105f61

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M1K892EY\photo-amateur-award-210320231039[1].svg

Filesize
38KB

MD5
c6b516290d5e97cc352e6a3cae9ec4a9

SHA1
ae45bc32be5e090b67ad159988ef76bfda363503

SHA256
636afbe838ce5d07cb9e2b8d38fc663dd75e2c9539cce28ac8046bb2897c04c8

SHA512
e0c3897f75a9a68008cf0ee4ac050d8de80cb977389658d2164fe7b6c8d02b7dd4d91a44a8929e9656509de9ef2bae2d00bf0497fd07c70de25e96776ff2e3b2

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\M1K892EY\sprite-36c2116971[1].svg

Filesize
147KB

MD5
36c211697153c545c73095a855900246

SHA1
9715e211f91cca5c1d8cecd98f1f65176aa642f2

SHA256
6dac89a69a06e521640197f1af0e51505b30c272b6f5e8a65a4b880f977def0a

SHA512
9b152241485d729b84664c7fb9316695dfce3f1d0f1ef42252b422e51ae40e881850e4be24b2f65e0c2d3595ab52a58e5027842366b488b1a56f2a3003ec2d8e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MDB4DEXV\app-of-the-year-090520190842[1].svg

Filesize
4KB

MD5
31f4adff4362007272ee1ab47e9042e9

SHA1
fa7a815fb721e81c53b713cba193e9673441141f

SHA256
59edd0415fc29a9933a321299bbadc7624b448da5ebc25f1984ad16c45bd0b79

SHA512
262fb69d165ab9b81340b2230f93216a8b8516bcac257866d3256afcbf081d86015de8b3ab9c55d9a82fcd106f022f1b03d04c636e7bf7d9b58ffcf7b0b9b673

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MDB4DEXV\editors-choice-090520190839[1].svg

Filesize
13KB

MD5
c6fa1263034d06469e16fafb4cc820a1

SHA1
cff8905f8ca901c93b9e5174287d9154b6447aec

SHA256
ba2dd87a586c44039a6185cf206545725078a23f87c00c0c6147c6e483351452

SHA512
28531f97b86b9d0cef3cc590c1bd222e0e73bd772f82c2dde430cfab1ca7a7d724775369fba009d5989071ca1c3d303d2214b929bf6c8d2d0f8bf6ebf3d8dc57

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MDB4DEXV\global-a940c6c0d1[1].css

Filesize
93KB

MD5
a940c6c0d10471d8f59b7e95e26ea36c

SHA1
6c08c5589a7eaabe6f4e07cb6fe751bbf3404684

SHA256
1114528968517c610498498c1e7a6fe640735b3c08111fb2e86034a9465c9f14

SHA512
3070a1a4fca80f691bffe2fac807adbbf485b2eb67d9ef8d106db5fba990d79f04ef4841a2e0dc3f4822bb975824882a8c3533589f8f8a7bf094271b7215aba5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MDB4DEXV\home-e1b80df983[1].css

Filesize
378B

MD5
e1b80df98349af00e222aaa869bfaba5

SHA1
18ff4baa03e021c170520a752d5ebd97c8583139

SHA256
883c15661c020214ca9a30f63fc5b60ca2bafcef78e190eb899b3686f00bf55d

SHA512
52c0b8b2b289e185df2fd9e93d4da0b16d1019c4a0fb476df4069bca5cbc7a9f6e1ce8fec2d2bf6cb01ce9c22ee77901a3419242ff85a86d20abd5a5509b754a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MDB4DEXV\photo-expert-reviews-090320220831[1].svg

Filesize
8KB

MD5
eeb7febe628c8e76e89b4f58fb13512f

SHA1
4153bd9b2a83fb0e0abf39df92da032724fa06e8

SHA256
4005a788ab53de4ce9031951e5f3ea621a0f62005fc6655fb3699d411a7a6859

SHA512
44b99997b7a15af24c76a35df976d3964d3adaaa094fa4287367831dc7638178133869299da77ea39dde45fc45ca7539ee4c37c13a4b5608b5d8c12c1ecb6f07

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\MDB4DEXV\stuff-gadget-publisher-200320231124[1].svg

Filesize
10KB

MD5
0c4d794e4a3f0d2f8936981459bd6ac2

SHA1
09da3bfd67f4d60649384a791a205c37cc3d63b2

SHA256
5bb426712cd0e16591703f4be320ef74e611c61bd918e3b8044795ecba32d7ec

SHA512
5db71e5941ceb5f235d00fc4cd7ab38dfcb3fc4ebaae972afc9b2df7b92a31565dbee380975d4522196690fb2549e86dd889dd4749ee0db523edf36000904e2c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VYCDW2IY\site-7c78709c52d2d2acee50.min[1].js

Filesize
104KB

MD5
3372814a7bb5695852950a850a62165c

SHA1
ae0425368db97e527a917f55b9e34ffde7d9e981

SHA256
93cc3613f94d42e21020a564d3f12103741f242f04eaff7f2ad629b2abd4e439

SHA512
1362cab55dd4b9fb488aaffd3353c30345d2cabade02af367be71ddfa3d136a0270da1a28acf801e73c40ddee83e232532a3ce8c48363d54bc1e252e4919426e

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VYCDW2IY\stuff-award-191120201459[1].svg

Filesize
8KB

MD5
8510a1af31eec80ea3a0e6507c14df4f

SHA1
d59630ab3bf383e9370e7214585fd5b854407165

SHA256
afc3e9bd088611aa3d945d542a068e0885a92a2e28aece4457c2c28bc43151cf

SHA512
aca0f441bc66580c15b0a0a4a8390d515ba542202b64380a3e652cb5bf25b715b1ed3945c90939d3334411a4201b76e81bc53fc87f73408a08964b758d1e0aaf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VYCDW2IY\tipa-award-090520190839[1].svg

Filesize
36KB

MD5
759d46ea90905fd4663873279433f939

SHA1
6f2673ae5a2a57171366978c6d98c8e996e41ccb

SHA256
afc5168b2c03b7c26379548161003da4635cd84373ff0aa5983127c8dbfb1b24

SHA512
79db93aea481d6a0fc69c3c7760ad2b3bcbd7f37ebbedf519e34a5ff0e3ef488966e1a23bb920ce8347f1a2338bcd9f4ceb45bf4f0560afda87f3ac732a3941d

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\VYCDW2IY\vendor-dfdb899a38d33344824c.min[1].js

Filesize
424KB

MD5
142d8ede0f6e973c74ada09741a39d2e

SHA1
ddd17d928cfdbd3b0adcbddaedd9744708d1a0a9

SHA256
e61bb390a39356954a1c78c0ad9cbb2447b8bb9da99bf93636f28c1cf9e18186

SHA512
0835ad90a7a9d19c0d206ca14916c7a338e84f9499ef72156779ede626d283ff12e4bd5d0545d8944cd594f50534e89c82075b2df99561a3345549465bcbd105

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\3CSWBLDI.cookie

Filesize
101B

MD5
4deab71560abbe0f73b923e0d3b062da

SHA1
8516838a8395211e4d23d29d57997f1bbf83bde9

SHA256
7b85098ff2208a098ab02902e90ea196fc009936259ccb1eca63b67418cf75c9

SHA512
8723737a777fc8e9bed55598ecd7c727465e28d050412a8d5bdd70db153713761905f6290b72a76b92759d86dc29385ef4f9a86fe8d58aec6182f9695ad361a8

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
1KB

MD5
2b48d374f22d50427a78a9dd1d74e144

SHA1
f8d3d6f465ff86d84f88959de1251e3db936efb0

SHA256
02649a5e95aecf6594d0c6a6948b59bcb034068ab6df44cbe5e557c5f7a06c5c

SHA512
6124ef7665439530da520e44ac648f964072f7f8b4aaa9764c85047b0789a5a73064fac9a3eaa8c0248c50eb3a2c4603d2f6a54be81a69a2ea39dc61f79ce89c

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
1KB

MD5
e23c1a2790432ce707fd32701efaa2bf

SHA1
a146963ba6a57af403552483b32897af9f7964e7

SHA256
1cdcfceaef9d59833a2c7df20d600709d64f7749c565e63cef8b08db2de26045

SHA512
dd00af182b6d743b71e3451df49f1865c8cfdc6bdaa207e74f07d60511d37c2657f133b85e2851018ac971bc034e9b831a98aceb650aff70954768d60e24a11a

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
2KB

MD5
791069cc84163e32fb5f5824bc0c81e9

SHA1
9faa815c214d27ff396254eebf5a94f7c3b8be9d

SHA256
8ad6096ca4a05d921243b50c4eb065302635af5daca79bbbb50c80b3b4ba0cdb

SHA512
c7ad6f55fc0fe03d75df48330e919dd8e9e796dd0216fa07ad317f3773871d46afa3cd1e825481b36647bef0871f8d0e2d3fbff3572ba17e2f2bba5756b38ad5

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\Content\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
1KB

MD5
498c6b7eb0a9b16be880caee99a2506b

SHA1
33bd0647af7d90d86180f50c0b95c8b4551cde07

SHA256
e7d719758761a5d8de6fd6bd52cc4bc683a8204d19410763ff36d16341b86591

SHA512
411b85b159c75c516b6a102f16570219bc4683a4fc402e8533b55362d9c08e9119bf9035a23d33385e65dc1ba4f4ac66192ea4545f9e66a6d63eb232245c82df

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
434B

MD5
b5d9a41a62f3f81221d71ef6c7483a85

SHA1
5f12c5b894096082c17849dc04ec55c748880d54

SHA256
c56f77994d52e9d6744ebea72bab9589aa6b0d79552140fc0003935c9a882c6f

SHA512
5689437802645e63a9e017bf1dd2c3b9331b7f92e8872792c7abfe96815d09971f7f5e47512d92d25ae81d634bb3c9184fc9fb7f72d3f62e9ab6fc0800c188b3

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_B5D3A17E5BEDD2EDA793611A0A74E1E8

Filesize
438B

MD5
dff00ba9e484c16d86be519c05aeb7c0

SHA1
d9bef736aa25ec8bb120ff53f76214300f4e1021

SHA256
094666d09fe3e26caa3af4d53314920a1a5307bca44e8a31caccca90e270a895

SHA512
b84204e0d9efe5a8000bd988a35ecfa4b509697f6520c424b244968fd285e22a8e8c711b8fe619a5310184ebc244a4fcaaf252b809f15627218dc0406186bf03

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
fb806a407f9ad9d3fcf2f1ceb6af2e4a

SHA1
5f36196a45a527d5d15b6fa0abb6364111f1cb05

SHA256
25f27f3851c3a67d3a0daf16627fbb9d534906a8d2c0d3fb7c9e5f8013539d5e

SHA512
ebe5db8aca76d578f50689dd2e374ffe8d78c9662f874d6a5caddd6f4a9e6a04646068713a369a7fed526c598b786a9c47a24b5bbc021027065c9978dbe58bc1

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\#!001\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
d918752cc04275fdf24b3d72efaf17ba

SHA1
f9e6424a8f7183815a242b82cc9bdb060048d572

SHA256
6a4318113dbd18ae9244316ab6a74fa45114ea2f60402b3bf2b07ccab8011713

SHA512
e1050068296960c0bd1963133e29ecff2a86feb1ac0271e5744c4ef58e8087ddfed9207cb0f7d36f56a943f9e16c0ab7ff853d9f0d2bc2c2e313c274666c8518

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\LogFiles\edb.log

Filesize
512KB

MD5
285954b0767e4dc659cd75798f6ddc4c

SHA1
42e46e101b72f4a1bbd2f16e657321652bc1ecb0

SHA256
3775891792add9195d97ecc29c63e08a762d924211fd7b074ea8808627d50737

SHA512
7b2e759c5fc94a9e977c46d84955e47dd360847afcbc1d858218a8b53c9ef589598a7da71f08b76f43fdfd2a51551cd8911221e78cc6f19b04f0741751175861

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\edb.chk

Filesize
8KB

MD5
8c2e62feb6cd0837c407afcbe588a40b

SHA1
1114c9514e5d34a27db1a22dde17220da3d68785

SHA256
bdbc7bebfa091a23ed70cc8af3ec9850a857e0d26b4c58498d4f04836e542a42

SHA512
afbb73c26de48d7e02cf041894b2f65ec1ad58cfee0903b9e0682aadd9b43107363953f396d762900b00c028c255d753fd4b126c3309a6c72e2f00ef21093090

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.edb

Filesize
2.0MB

MD5
da013c9719dcd649cbab33bb65168240

SHA1
4f0fd5afc0e92aee73d9fc522ebd1905dd4e34d6

SHA256
21663e887b8d45ce3d8df82429292b592e68dcf77fbe3a9f30c49d3a5d25369b

SHA512
d19ba44c02f104424da2e3d0e1c583e2d1a86edd47605872a3a588d7ad30b5da178d3353b95181932e3a7f3406150e3f89f12785871cb84deb6eaca3f88edfbf

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\DataStore\Data\nouser1\120712-0049\DBStore\spartan.jfm

Filesize
16KB

MD5
3cd394ab8e58050aaa25c37e2f909f99

SHA1
d427fb17cf1a787393cd373c322d6a4c32fab22b

SHA256
54e1259a75570a79ff97e7860f9f3ef47e8e86bb02bf6fd86b379b42416a3489

SHA512
67549e8397fea00e4653d2e71333995d3ba37570f8a258ba2076c5338b9472692e2f2862e361d96a8f667fb7d3ad988d2e677b3e7e6e0b262ea413c7f8d25297

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\ImageStore\itv2p09\imagestore.dat

Filesize
34KB

MD5
3673a773fe7adb3c232a17ecd55472e1

SHA1
9bf8a2de8c84123a774f2b602ff99733884bfe60

SHA256
f11281a45d7d5819bbdfc422bd22f41163511c622a3d3324777fb97dafdc60fb

SHA512
72ae0d15b5ffe7d263cc9d9e2118e075d291d4952135c208d89ebeae2e47910954d277fabe20ac682d462c84851c3adfb3a61500d3ce9c002ced6706920f539f

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\RecoveryStore.{AF6409F4-ABB6-464B-BD52-E95DB168A566}.dat

Filesize
4KB

MD5
1765d7482b8eb183abcd5f7fb73e5fef

SHA1
25f2b4afb4441265e35f074acfcd1b6fbee2a7c4

SHA256
299c80b798480daf870bc557160e1396623c0e05346a4f7a87d2e39bb557ee7c

SHA512
590b443d319b608394f4070aaad4c08a855cbaec60d759a1b26f7ad51641dad6205d31fa59cb667f4e937c95bc66a9d6285f7a874b8a4f7510b52125a7e88512

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{C346B4A0-0545-4634-A35B-97738C2A8992}.dat

Filesize
15KB

MD5
f8a997c0232f0815c7871c039ea8d63c

SHA1
22c97f86c1707c170d629bf5adf3c83436d4c193

SHA256
4aed707f702396c734258436e81e0e38ad04d3c26587b2dc6ba82a7dd5ecb48d

SHA512
518b26a6751a1a5c07bfededf92f14817eb807aa166e0d87ea1cc123c0b7416b580c7ece9e37485c1e2bb6e302a2310d6347ac55f50c9cd9598f6c598295b551

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{CBB436F3-C6B6-4AD1-8700-39BA2625B7E6}.dat

Filesize
9KB

MD5
f0d58a12611187888ea61a2b6311ed17

SHA1
d2b0562a4805a843acea47a37d74a58942a7d313

SHA256
68bcda370266cea163a353e68fa5f4491c25494288e0aa758c88653e2f49673d

SHA512
fba2185c28a4ea94b60b4dfecaadc68b77a06867a0e992873df31dadf826dd7afd9e6ba0500af67d526e9495d6f4d1e8b883d6d16affe08bd94c5cd093a194f0

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{E3E37B6B-EC24-4530-9764-F78236308827}.dat

Filesize
7KB

MD5
d22c479940b8be92c3e61f948c5f68fc

SHA1
476cc7c3d44ed3d59f2a1b60c0c2dacf34190e5b

SHA256
f55c43aa6885a0b587ff1034e90b340a66bd608299f39c963358224db6ca84c6

SHA512
81eb9201b47c44ccbc8751f02772fcad9cd07de87c18bec72e552a14976d155303cd9e47666b39a3bc0c5edd9fa9c7d89d06a87b00f749b3af3b1abf826e1587

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\MicrosoftEdge\User\Default\Recovery\Active\{FC63AD9B-AA02-4345-8AC0-3B695634DAD1}.dat

Filesize
6KB

MD5
d6a993eb80240794dbc8f61d4157750d

SHA1
13cd98b21ffeafb6367282f3d214080675410b52

SHA256
1caa235239b4bd030745f1481049b1f6048069abccaff327578f64d5723935ac

SHA512
87d916c760b375dc38b32bdf71f7d7ac7386d95e759c6aadd24be3ef7e4f3f254dad3d2e6052cbc6ada731b1846890765296178ae0eda9cee3222f70eed518b7

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\F53EB4E574DE32C870452087D92DBEBB_5F87C4985A6C9024A2753D4693D6B601

Filesize
471B

MD5
189bdd6fdb5f2e689991c5d0d59c4101

SHA1
84cd549dbd4a763d9ad76bc14b8d52fefbd745b2

SHA256
e55e074298544e0cb5411981a5ed2ee18ec36387b43c601094c7b7e684048eec

SHA512
261ec3a0c937f418f34f2447ca711c9101a22f401e271ea7847d3416a0aeccc37a5811f4e3f48a7b249a94253fc0ba5e4d6b2a748aab7f532a6c348763505b94

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\75CA58072B9926F763A91F0CC2798706_056B48C93C4964C2E64C0A8958238656

Filesize
434B

MD5
2550fe19f2e8d35cde93829ee50b64b8

SHA1
aa77c1d7f5cb1f9d3795d43be6487a301272f646

SHA256
b684fcee8baa7365a2926930a09e6ef318878006b2ab835f64e875c5fe10a06f

SHA512
8560b1ec48e18f26f720fce42f1568be195dffb74005e4ad05b7dae22b8b5a8ba56816c67d7c36f6ef74b07111403cb9801880e02a0f1dd2fd7c97e91b12a9af

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\B66240B0F6C84BD4857ABA60CF5CE4A0_5043E0F5DF723415C9EECC201C838A62

Filesize
458B

MD5
d411b5d5384a5a67f292dfa67baa7bc4

SHA1
612aaffd6a2a961c7b4912867a89a44ffddf2230

SHA256
7082c7cf9ee29e17a374da4e486cd23ac72e5ac2e130647b306b7027d7b5369d

SHA512
1c2686f9117d5606b4ac48d937dfc25a690cfc77ea1b2c306e66009642db03c58b2016593631eb47f2b2611a433fd5c16ed91ce44f37f7f7506663b4d7377670

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\BAD725C80F9E10846F35D039A996E4A8_88B6AE015495C1ECC395D19C1DD02894

Filesize
432B

MD5
b0381729610c7a5e5bc31dfa22769daa

SHA1
01772eb5beaa480c56aee39f5d388041345b6865

SHA256
de993e4ca093bca67af12cec0dd6eea0450600cca6be8370aa4ae5efb542bfb6

SHA512
a5f6adc4896d94822597b11b785e706d5e780c4f93f4fdd51fb83c59a84dc045e4a3f51474952e93b6f25e38a0ffb25876cb94e5887d12d461f00ae39a430230

Download Submit
C:\Users\Admin\AppData\Local\Packages\microsoft.microsoftedge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\F53EB4E574DE32C870452087D92DBEBB_5F87C4985A6C9024A2753D4693D6B601

Filesize
426B

MD5
2e357360d60f8f45c7ff28c370c64dff

SHA1
1e40287dcd6adaf5108d854c6fcc0b4860b9070a

SHA256
721075189cc88572c928c510278cb5b67b356138177773e9870d85e8f782b08c

SHA512
904d2caf656830a6ab0c08eef7853c143d18249aa023dfaae6f3cf619553e5e00ea62f664a2a47d943970edb8b9842c253fc9649faa20aa63f6ca86cf72e3874

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
35fcffba21d1a97c642d612888d41791

SHA1
b39ee03d15186a69d5794caf323bf248fa496238

SHA256
eb08e51fc8d02cd49c614c6999552447aa10e959be4b5fc4bb10ebba9ef63794

SHA512
c43c83068aaa5c80c4f962c9c534b41f2c85623618740498a25d8dcd3cf1bf5d6f8b6187d4e2e0ad332f734ba8b6ccd3be71c38cae6cd2ef0772768f2e9dcddd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7cc615f7-893c-44a6-a45e-4024c30f82a4

Filesize
11KB

MD5
12579f0fe8747365d2d0f1037bfedc58

SHA1
7269e0bbe9df6026c1f63ed5ac28564121f9fa6c

SHA256
dd64e443e368f8b94d06752807735df49bbc95ca81b7adfdbc2d1a61c5f282f4

SHA512
41a44c2a6ba597afeda91f3d72a77726be7bec66771084291352965c11b8c9bb6827cb4cfeeb04d507fd79bdbe7bff6c987e67ca6e1a52b318cbd6c793cfb178

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a0c55834-822c-4109-b455-2b83817c9700

Filesize
746B

MD5
900cbe6796b7218a5aed4a75aa1e4f0e

SHA1
b9be9df8e4b6572af6703aff813ab646493db09a

SHA256
fb0dce59ab63f392c1d1ea4764423048db7b556e9476b5c8751f8dba3f621172

SHA512
c1865d859b6bebcc63da5cbb8480e74e5c98a2be9f1b146fae0dfdd403c2a243b5ab23809276a8e2e36a6402705ecf7092d8c2230d303d0046037448cc25599a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js

Filesize
6KB

MD5
0f386ecc75892a0e8e8dad8bbe9da0b9

SHA1
1a48738950a69cefb011a4b18f3716f7a1ba977e

SHA256
36a4f11fcb10aec8479bd99e7c1e6515f256f456f6149e2097789672d56d48ce

SHA512
ffd07e765f81ea741b14a0bdcc7ed3fd868db349b8eeef32b88b18e438d0234adddffa6a3655053a405cac8a9b9ceda0419ddff7913fd26b51fdec9b31393458

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js

Filesize
6KB

MD5
e7bc33ae9da0ea4324035ca604485197

SHA1
4a19e5339649d18ce39a6792f3b433b75e18c3c3

SHA256
fa4f4ee3cfe70c6df004db1cde6f5ed2356ceb0ff879e182b36346795c93c0f4

SHA512
be878bb3b62659e7ee431dfd0d8a120394174c1dcf184f17bee1525227bcf48e9992648119627bcab3caf589d015a534cc44ddeb6f0319d0c9e83a6bc6e737db

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
32KB

MD5
2a1084facdd86ec98f61b48d9a46457b

SHA1
5f5cba3b5f3994ad1ae26f7376455d22a433a790

SHA256
3865b8826c3e3de8bffa75c4bc32b866aa08929fa3daf7fd4d801619d7ebdfe4

SHA512
666bcb44d6eca5245b7ff4ac39201adad278291d97f6f1062d15570b1df6f23e037f6aef2519192937193cbfc78b41c3554bdbe91b771d572766d414636b3571

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore.jsonlz4

Filesize
32KB

MD5
ff94018a06890b350859af43b1129021

SHA1
c84fd36dd682015f4a7be1352c9dc9a22f415832

SHA256
998985c45309dcb4cbd29b0704ce3048c2d118e951ad71c8b961af68d7d4ff32

SHA512
1283a4dd80fe34ef3202bae0e5f41fc3580815a5007bc02348cbad2c91d807df0e81a879b8034a4a4b07a17ed88214773f4afb41478041b1881285c874c60987

Download Submit
memory/2764-19-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-12-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-1-0x0000000004CA0000-0x0000000004D6C000-memory.dmp

Filesize
816KB

Download
memory/2764-1646-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-5-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-6-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-24-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-32-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-52-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-1652-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-1651-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-1650-0x00000000093E0000-0x000000000947C000-memory.dmp

Filesize
624KB

Download
memory/2764-1649-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-1648-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-1647-0x0000000073CBE000-0x0000000073CBF000-memory.dmp

Filesize
4KB

Download
memory/2764-1645-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-4-0x0000000004BD0000-0x0000000004C98000-memory.dmp

Filesize
800KB

Download
memory/2764-1644-0x0000000007E30000-0x0000000007F32000-memory.dmp

Filesize
1.0MB

Download
memory/2764-1643-0x0000000005430000-0x000000000543A000-memory.dmp

Filesize
40KB

Download
memory/2764-1642-0x0000000005270000-0x0000000005302000-memory.dmp

Filesize
584KB

Download
memory/2764-7-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-8-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-11-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-0-0x0000000073CBE000-0x0000000073CBF000-memory.dmp

Filesize
4KB

Download
memory/2764-3-0x0000000004D70000-0x000000000526E000-memory.dmp

Filesize
5.0MB

Download
memory/2764-34-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-14-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-16-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-2-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-71-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-20-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-22-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-26-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-28-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-30-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-36-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-38-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-40-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-42-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-44-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-46-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-48-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-50-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-54-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-56-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-58-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-60-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-62-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-65-0x0000000073CB0000-0x000000007439E000-memory.dmp

Filesize
6.9MB

Download
memory/2764-64-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-67-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download
memory/2764-69-0x0000000004BD0000-0x0000000004C94000-memory.dmp

Filesize
784KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads