hxxp://player[.]yumpu[.]news/icomoon[.]woff/

Analysis

max time kernel
143s
max time network
144s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
27/05/2024, 20:06

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://player.yumpu.news/icomoon.woff/

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-711569230-3659488422-571408806-1000\{CD22E50A-D212-4179-BF6F-A5E30C9A849E}	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
1236	msedge.exe
1236	msedge.exe
3900	msedge.exe
3900	msedge.exe
3292	identity_helper.exe
3292	identity_helper.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
4232	msedge.exe
2152	msedge.exe
2152	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 22 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	5760	firefox.exe
Token: SeDebugPrivilege	5760	firefox.exe

Suspicious use of FindShellTrayWindow 29 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
5760	firefox.exe
5760	firefox.exe
5760	firefox.exe
5760	firefox.exe

Suspicious use of SendNotifyMessage 27 IoCs

pid	Process
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
3900	msedge.exe
5760	firefox.exe
5760	firefox.exe
5760	firefox.exe

Suspicious use of SetWindowsHookEx 1 IoCs

pid	Process
5760	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3900 wrote to memory of 4276	3900	msedge.exe	81
PID 3900 wrote to memory of 4276	3900	msedge.exe	81
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 2216	3900	msedge.exe	82
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 1236	3900	msedge.exe	83
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84
PID 3900 wrote to memory of 3532	3900	msedge.exe	84

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://player.yumpu.news/icomoon.woff/
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3900
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffceff246f8,0x7ffceff24708,0x7ffceff24718
  2⤵
  PID:4276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2104 /prefetch:2
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2872 /prefetch:8
  2⤵
  PID:3532
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4700 /prefetch:1
  2⤵
  PID:4620
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  PID:544
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5560 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3292
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5852 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5868 /prefetch:1
  2⤵
  PID:948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5104 /prefetch:1
  2⤵
  PID:688
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5124 /prefetch:1
  2⤵
  PID:3212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4696 /prefetch:1
  2⤵
  PID:5344
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3496 /prefetch:1
  2⤵
  PID:5440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5700 /prefetch:1
  2⤵
  PID:5524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5032 /prefetch:1
  2⤵
  PID:5776
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5804 /prefetch:1
  2⤵
  PID:6080
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2788 /prefetch:1
  2⤵
  PID:6088
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6004 /prefetch:1
  2⤵
  PID:3784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5952 /prefetch:1
  2⤵
  PID:1056
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=4892 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4232
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3012 /prefetch:1
  2⤵
  PID:672
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:1652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5288 /prefetch:8
  2⤵
  PID:4384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=3548 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=26 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5772 /prefetch:1
  2⤵
  PID:5808
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5412 /prefetch:1
  2⤵
  PID:3484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6180 /prefetch:1
  2⤵
  PID:464
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=29 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
  2⤵
  PID:2960
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2092,16062035957052061843,7605799446485872194,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=30 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6088 /prefetch:1
  2⤵
  PID:5636

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2256

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2768

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:5688
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5760
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.0.1190359223\64586106" -parentBuildID 20230214051806 -prefsHandle 1788 -prefMapHandle 1780 -prefsLen 22076 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {1746c22b-928f-43fd-b729-c3881d1c4dfb} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 1868 1e5f6515158 gpu
    3⤵
    PID:5932
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.1.755031375\1850152448" -parentBuildID 20230214051806 -prefsHandle 2424 -prefMapHandle 2412 -prefsLen 22112 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {ebf3e4d2-a2c8-4790-8580-a17c83814acc} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 2436 1e5e988a558 socket
    3⤵
    - Checks processor information in registry
    PID:5584
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.2.1182663561\643259848" -childID 1 -isForBrowser -prefsHandle 1604 -prefMapHandle 1560 -prefsLen 22215 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9b027d59-5fcb-4374-b5ae-8e78b5ffe68b} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 3128 1e5f8fe8858 tab
    3⤵
    PID:4068
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.3.552190669\1891137428" -childID 2 -isForBrowser -prefsHandle 3748 -prefMapHandle 3744 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {8bb0bf62-6315-438a-933a-c51c48b96ec0} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 3764 1e5e9879058 tab
    3⤵
    PID:628
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.4.411404849\519513657" -childID 3 -isForBrowser -prefsHandle 5104 -prefMapHandle 5080 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b70a15db-0993-4642-bbb9-226970693982} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 5112 1e5fd4cd258 tab
    3⤵
    PID:5252
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.5.1125689212\291370325" -childID 4 -isForBrowser -prefsHandle 5240 -prefMapHandle 5244 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e33cb6b1-ccee-49f4-8883-c1f177028488} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 5232 1e5fd4cbd58 tab
    3⤵
    PID:5624
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.6.1096940545\1113148102" -childID 5 -isForBrowser -prefsHandle 5436 -prefMapHandle 5440 -prefsLen 27692 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d5023d4a-5eef-4fb3-b3c8-969fd3502f04} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 5424 1e5fd4ccc58 tab
    3⤵
    PID:5616
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="5760.7.860137307\1916115729" -childID 6 -isForBrowser -prefsHandle 5920 -prefMapHandle 4948 -prefsLen 27616 -prefMapSize 235121 -jsInitHandle 1288 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {a79999d7-27b7-445a-8b96-9d9ad12a9c3d} 5760 "\\.\pipe\gecko-crash-server-pipe.5760" 4944 1e5e9881658 tab
    3⤵
    PID:5684

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
1ac52e2503cc26baee4322f02f5b8d9c

SHA1
38e0cee911f5f2a24888a64780ffdf6fa72207c8

SHA256
f65058c6f1a745b37a64d4c97a8e8ee940210273130cec97a67f568088b5d4d4

SHA512
7670d606bc5197ecb7db3ddaecd6f74a80e6decae92b94e0e8145a7f463fa099058e89f9dfa1c45b9197c36e5e21994698186a2ec970bbdb0937fe28ca46a834

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b2a1398f937474c51a48b347387ee36a

SHA1
922a8567f09e68a04233e84e5919043034635949

SHA256
2dc0bf08246ddd5a32288c895d676017578d792349ca437b1b36e7b2f0ade6d6

SHA512
4a660c0549f7a850e07d8d36dab33121af02a7bd7e9b2f0137930b4c8cd89b6c5630e408f882684e6935dcb0d5cb5e01a854950eeda252a4881458cafcc7ef7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000002

Filesize
62KB

MD5
c3c0eb5e044497577bec91b5970f6d30

SHA1
d833f81cf21f68d43ba64a6c28892945adc317a6

SHA256
eb48be34490ec9c4f9402b882166cd82cd317b51b2a49aae75cdf9ee035035eb

SHA512
83d3545a4ed9eed2d25f98c4c9f100ae0ac5e4bc8828dccadee38553b7633bb63222132df8ec09d32eb37d960accb76e7aab5719fc08cc0a4ef07b053f30cf38

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
67KB

MD5
d2d55f8057f8b03c94a81f3839b348b9

SHA1
37c399584539734ff679e3c66309498c8b2dd4d9

SHA256
6e273f3491917d37f4dbb6c3f4d3f862cada25c20a36b245ea7c6bd860fb400c

SHA512
7bcdbb9e8d005a532ec12485a9c4b777ddec4aee66333757cdae3f84811099a574e719d45eb4487072d0162fa4654349dd73705a8d1913834535b1a3e2247dc6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
40KB

MD5
3c2ac6ed09323fe172784cdec7f3d671

SHA1
79eb656ac99f1a2efa7fbf8e8923f84dd2b63355

SHA256
67d42a456baa3edbec1eb21c94f294c04a72bac350acfae80f4f2b65afe8bc5f

SHA512
ac95a571afa882744a42447e84c1ca5231303ba33700f63e99d58860e9635ddc861745678d5c74b137af3d50daf05ea710abe65b11ffba95e2b2f6aaafb65071

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
19KB

MD5
2e86a72f4e82614cd4842950d2e0a716

SHA1
d7b4ee0c9af735d098bff474632fc2c0113e0b9c

SHA256
c1334e604dbbffdf38e9e2f359938569afe25f7150d1c39c293469c1ee4f7b6f

SHA512
7a5fd3e3e89c5f8afca33b2d02e5440934e5186b9fa6367436e8d20ad42b211579225e73e3a685e5e763fa3f907fc4632b9425e8bd6d6f07c5c986b6556d47b1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
63KB

MD5
710d7637cc7e21b62fd3efe6aba1fd27

SHA1
8645d6b137064c7b38e10c736724e17787db6cf3

SHA256
c0997474b99524325dfedb5c020436e7ea9f9c9a1a759ed6daf7bdd4890bdc2b

SHA512
19aa77bed3c441228789cf8f931ca6194cc8d4bc7bb85d892faf5eaeda67d22c8c3b066f8ceda8169177da95a1fe111bd3436ceeaf4c784bd2bf96617f4d0c44

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000007

Filesize
84KB

MD5
74e33b4b54f4d1f3da06ab47c5936a13

SHA1
6e5976d593b6ee3dca3c4dbbb90071b76e1cd85c

SHA256
535fc48679c38decd459ad656bdd6914e539754265244d0cc7b1da6bddf3e287

SHA512
79218e8ee50484af968480ff9b211815c97c3f3035414e685aa5d15d9b4152682d87b66202339f212bf3b463a074bf7a4431107b50303f28e2eb4b17843991c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
768B

MD5
4fc03249586af02380e88d2a868f4484

SHA1
a6221b2329a625bf961708022aedc12dd360074b

SHA256
a17916425129d81c3e50c0c3c8ccd44bc0293d656d56510181094ddda4a71f00

SHA512
2e555e8bf75ff1b612d5e5313675d70df0d4472072198f1c32d6270e15adfddc4db90073a9cebc79de85d0ba044d7a26395637967dec7f2129f075dba55ac6a1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
96003961e6de2d67d3dd5e331a974aae

SHA1
ef979baf5ddab5b5d01ca0f1fb8cd111b9c0eaa0

SHA256
2db908dd4161399b78d12ccb01486a2c956b75802ed2a5cbdac9ce8d02d671d6

SHA512
8b4a90c19b5ddc6fa6be4c7d3b409004d0ab44b0c2697f36956f1cdee9aa909ea2737f04a8c5efd38f3f6673d8855d39c400752d19a159b5ce46a7e1234e1914

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
1bcf047f860cdb98516f47b6352fb59b

SHA1
d4903643ea21a6f08678f0f70d4d3236aa64cb71

SHA256
db5e1dd1855cb0b8654c3630f5a3d9b41ce67fb8a1676e047a29b2728d901d52

SHA512
1c73bfa09568e6c653b326f8e72ab0a2c127e5dd5c13f86ab0caa16748a2192f893caa968ebf0223dbd501466f9182623b00b2b3f9781433223ce14691906497

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4c9b9ea5bf91a39762dcd314c92a9725

SHA1
65c356f0a1b42aab9b573d728e0be1a9f05dfd59

SHA256
071d66afb6aa56e6c8ff6da03705f296b6683dbcff7b4469f70a7563c70f17c4

SHA512
bc37c5387dc5f995ae6f93fe8682995f66e06e7cbe71fcd45c012742d2ab33b6021a03fe3d06bbee7ea3779f06b9b1288fefb012606801d95eebd0f758ee53f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
eb8bacd5b3faad248792b6987540218f

SHA1
3979053436e23ee5f09eb5110dfe518a72f1dd23

SHA256
7e8312389e1d9c51692a6ec5c440b28f7b524b659cc9365b5cf1d15ff74bc8d5

SHA512
52e8b456b62e22a0d861d9ea558bc0da3614955842c66fb3acfc13e0ea155d9beb24490a284c6b8783b4590b12ad823c48f465d8bffab2cbe8958d172404d467

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
a1e7bf007d7b7dab37ac39d70b185e25

SHA1
c312ea4186de25b99e15eaaa66222b272cb6b4db

SHA256
0f086dfd185493ee0174bd56e781e7622839d798d0153c1f44ac1e3ce2dcaaa5

SHA512
d71969a41988e351d42b8b7e1b86e951c76e489b81344ced95d9b10e9ab03a91a7204766df25c7b2bd9016597fe3aef4e114b21d75150c45adfec4b9a1c4f624

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
d6537be14a696ee767df69c85a6b19a9

SHA1
d572d0de0d6859e87f7781e908f84cc749c0d603

SHA256
499d0083c295376aef78cc606bd5bdaf74900aee4b52fd39d861ee13a83c97e7

SHA512
43780eacd66f92c6592efced6b8d95cfd054dcf45090f0595a9c388d71cc8ef13b5346f0c6dc9380e2e030799d5d8f01d57ee00cc677c9fb569c5594e1b74ec6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0b3eb90836543a0f49ee429825bc2e8c

SHA1
b9854964641ce86c549f6647c2f8fb39b35f8c01

SHA256
a112533033295f8ca6475ddc7e99f7bf0f59f5a078b394fc157f7e2cccbca54a

SHA512
15766b8a2dc96da8021785aaf641c796cef9167f3833f3003f378339c3d34464ae6d6a38a4ac2faf8fe9d856aa115a0fede5d268c02576c642f0aaf4a816a5ec

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
705B

MD5
f76f7effefcf16d8e245bb6bba67efc4

SHA1
fc8479aa43cc8341f359eb9adc2ddcd79a046383

SHA256
d663fe7a826ed1f1ac00f2072135a658ec3620f0b15bd141046c368f1918e74b

SHA512
97bd951d5b5f3538adc930bcd2e78abdf0bc8b0b90255bd714582e85d05f26d02295d5f3eed03a65179528dc6f27af431495111c8cf15d8a3358d4ea5e22df94

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5956a2.TMP

Filesize
370B

MD5
3411020d92f51c2a0e236bfadfb1d7e7

SHA1
4041bc2f6be9033d406b8fc00e6425cd3070548f

SHA256
547d1bff804710c082a27013aad0455f3c6956117d81b445bea63a2ffca19bc1

SHA512
51e8e0ef6b46353956f1b46c620cdc27f3e647b753efeb72d4f8cf8320f39ac1e0973f8495191de5baaaf0fe444e31aabe4afedf19891bf4448d14e2bd5a14e0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
cb6f600fd1550b1ae9ad196e324d93e3

SHA1
0fdb8aa9fe8d52494cbe82cc08a6a3dc7853e1f5

SHA256
7b934739436e18617b99ef1293962d42bbb812e08b5d4a7ae62bbfd0b489b3e6

SHA512
add05acddd2cca9297be239ec52a802506c179d633320c88e85e578ff84091ba5435fb03d9bf9fa755faf69ba03ca249234bf9a740bf5a448dd5916e96a12862

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
c4f8a0c7b0886da259b2de33021477f8

SHA1
1c6dd6f501e5c4b2429fc87f97e52976dfef7529

SHA256
acc1cc6b7a69a308b4406402cad890c714c6ba0de6276deac96b1d429a5bc741

SHA512
400c36ceb24c69d4e3359ae6f844c080ea386074077cbb792e672c7ed3cccac2e6de36f204487e63883039f7b3b45ef10eeca6e6cbcda1f8086199eb1036981a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\47kntzet.default-release\activity-stream.discovery_stream.json.tmp

Filesize
24KB

MD5
af6639a69f45046976af5923d41100a1

SHA1
d2d03895d13723da64d94ff0482d641af73ccce1

SHA256
6846bf84674d1705c9ca154a5f96241787d73555b9b67231f2c35cc146172256

SHA512
de437b1fc23d3bebc5e836cfafe6ea6303804ef97aebebd8922613c85b0bc2947cbe5ddd1afc7d8f0ddc00e41f22a54ee1fd384a249ccb61a99158f5da5db8cb

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Spelling\en-US\default.acl

Filesize
2B

MD5
f3b25701fe362ec84616a93a45ce9998

SHA1
d62636d8caec13f04e28442a0a6fa1afeb024bbb

SHA256
b3d510ef04275ca8e698e5b3cbb0ece3949ef9252f0cdc839e9ee347409a2209

SHA512
98c5f56f3de340690c139e58eb7dac111979f0d4dffe9c4b24ff849510f4b6ffa9fd608c0a3de9ac3c9fd2190f0efaf715309061490f9755a9bfdf1c54ca0d84

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
71eb76ed43752c53768fe21147b7af09

SHA1
d8c16544118b1a35696c72212e27353406fb6a11

SHA256
7c0d0b3ad79537b9713efaf37f33b5430776fc323ccf4f923122c9a542dccb47

SHA512
7e7fedd7d6661c016ef53156a848bf3a97b108402947c876e603744a7d2c2e637238f8ac065eec31d7407cb548002d2ede70eef7132efcf9a48061c94dce084a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\prefs-1.js

Filesize
6KB

MD5
887101bb3bd3cf1188ee55bc40a91111

SHA1
f94113d57afd52f57ffd7202b4c8b93d9659e7bd

SHA256
495335a69894ce1fad85aba85605b3142f57190783b5bbae9d7344cf5fad907d

SHA512
1e02b8d595a0bff92c0663223365e6fb168a1122152d3d0fc4d3214fd574ee504bd7edc27c404720aabc16ed52dfd06304123b2b8f77bd8624089d8053f374bd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
3KB

MD5
d94069b576dbaf0f5dea604aca0102b4

SHA1
b6131876ebd18170cb7ac1f8fe71b86600c139b1

SHA256
ac39d987b5545efdd4597a79ec3dbb36cbae6c113e152f3a6805783f9861d745

SHA512
91a56f3d864b58c1790f9abe018d0f6675c0be81a5ab31ac534c5856a634360d34ebc3eddc598865aa2dc1d40726e1973b511cc6aa0e8352956eeb5049947990

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\47kntzet.default-release\sessionstore.jsonlz4

Filesize
4KB

MD5
a148bea51b0a72b7cbc7142f63e4d194

SHA1
0303090ebefdba990240968491c2b5f761f8ff0f

SHA256
d828fbce87917b7bcba555719c32c6fb1fa124dbfecf199cb70da5462f129e7e

SHA512
8fd04ac5f512d9bd5a96ba5a1d7a3e62ef465005c508387a39597ee22a0ea2fad0f42bd5550cf5654a16ef342ba1eab3f3a0d088c3224092a7cee385bfd9bd78

Download Submit