hxxp://pronline[.]ru

Resubmissions

29/05/2024, 19:33

240529-x9n9tafc2x 1

29/05/2024, 19:20

240529-x19jdsff93 1

Analysis

max time kernel
299s
max time network
301s
platform
windows11-21h2_x64
resource
win11-20240508-en
resource tags

arch:x64arch:x86image:win11-20240508-enlocale:en-usos:windows11-21h2-x64system
submitted
29/05/2024, 19:20

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

http://pronline.ru

Score

1^/10

Malware Config

Signatures

Checks processor information in registry 2 TTPs 10 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 5 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-2457560273-69882387-977367775-1000_Classes\Local Settings	msedge.exe

NTFS ADS 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier	msedge.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
5496	vlc.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
4780	msedge.exe
4780	msedge.exe
3260	msedge.exe
3260	msedge.exe
2880	identity_helper.exe
2880	identity_helper.exe
2000	msedge.exe
2000	msedge.exe
2008	msedge.exe
2008	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4000	msedge.exe
4784	msedge.exe
4784	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
3816	OpenWith.exe
5496	vlc.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 41 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4368	firefox.exe
Token: SeDebugPrivilege	4368	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe

Suspicious use of SendNotifyMessage 49 IoCs

pid	Process
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
4368	firefox.exe
4368	firefox.exe
4368	firefox.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
5496	vlc.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe
3260	msedge.exe

Suspicious use of SetWindowsHookEx 17 IoCs

pid	Process
2292	OpenWith.exe
3816	OpenWith.exe
3816	OpenWith.exe
3816	OpenWith.exe
3816	OpenWith.exe
3816	OpenWith.exe
3816	OpenWith.exe
3816	OpenWith.exe
4368	firefox.exe
5428	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5428	OpenWith.exe
5496	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3260 wrote to memory of 2024	3260	msedge.exe	77
PID 3260 wrote to memory of 2024	3260	msedge.exe	77
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4640	3260	msedge.exe	78
PID 3260 wrote to memory of 4780	3260	msedge.exe	79
PID 3260 wrote to memory of 4780	3260	msedge.exe	79
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80
PID 3260 wrote to memory of 1952	3260	msedge.exe	80

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://pronline.ru
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0xe8,0x104,0x108,0xdc,0x10c,0x7ffd1a5f3cb8,0x7ffd1a5f3cc8,0x7ffd1a5f3cd8
  2⤵
  PID:2024
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1948 /prefetch:2
  2⤵
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4780
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2780 /prefetch:8
  2⤵
  PID:1952
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3236 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3240 /prefetch:1
  2⤵
  PID:4436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
  2⤵
  PID:2916
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5648 /prefetch:1
  2⤵
  PID:2700
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5680 /prefetch:1
  2⤵
  PID:628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6124 /prefetch:1
  2⤵
  PID:1180
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5424 /prefetch:1
  2⤵
  PID:3616
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6204 /prefetch:1
  2⤵
  PID:2216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3404 /prefetch:1
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1896 /prefetch:1
  2⤵
  PID:4268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3828 /prefetch:1
  2⤵
  PID:4912
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6624 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3956 /prefetch:1
  2⤵
  PID:484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:4192
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:2628
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5992 /prefetch:1
  2⤵
  PID:1880
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5060 /prefetch:1
  2⤵
  PID:3968
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5008 /prefetch:1
  2⤵
  PID:4164
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4616 /prefetch:1
  2⤵
  PID:4876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4820 /prefetch:1
  2⤵
  PID:2248
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4176 /prefetch:1
  2⤵
  PID:3848
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5388 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:2008
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=3552 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4000
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=31 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2940 /prefetch:1
  2⤵
  PID:4328
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5552 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:4784
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=33 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4164 /prefetch:1
  2⤵
  PID:1648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=34 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5300 /prefetch:1
  2⤵
  PID:2712
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=35 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6784 /prefetch:1
  2⤵
  PID:976
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=36 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5904 /prefetch:1
  2⤵
  PID:2348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=37 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2644 /prefetch:1
  2⤵
  PID:3500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=38 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6744 /prefetch:1
  2⤵
  PID:2384
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=39 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5664 /prefetch:1
  2⤵
  PID:3216
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=40 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5372 /prefetch:1
  2⤵
  PID:2212
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=41 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2964 /prefetch:1
  2⤵
  PID:1856
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=42 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5084 /prefetch:1
  2⤵
  PID:5972
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=43 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4188 /prefetch:1
  2⤵
  PID:4984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=44 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4744 /prefetch:1
  2⤵
  PID:1484
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=45 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6992 /prefetch:1
  2⤵
  PID:2260
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=46 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6988 /prefetch:1
  2⤵
  PID:5236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=47 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7200 /prefetch:1
  2⤵
  PID:5272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=48 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7884 /prefetch:1
  2⤵
  PID:2092
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=50 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=8188 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=51 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7872 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=52 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7960 /prefetch:1
  2⤵
  PID:396
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1908,7828463507742316648,18220985554338652219,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=53 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=1100 /prefetch:1
  2⤵
  PID:1608

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2912

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3704

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:2292

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:3816

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:3192

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4356
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:4368
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.0.1943261244\364345841" -parentBuildID 20230214051806 -prefsHandle 1736 -prefMapHandle 1728 -prefsLen 22074 -prefMapSize 235121 -appDir "C:\Program Files\Mozilla Firefox\browser" - {64ba3bef-8c94-4cf8-b8f2-151a8a2f72bf} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 1816 15b7ed09458 gpu
    3⤵
    PID:4348
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.1.1344132881\2111349063" -parentBuildID 20230214051806 -prefsHandle 2312 -prefMapHandle 2300 -prefsLen 22110 -prefMapSize 235121 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b85f905f-d75d-4187-af60-c9107215b7f9} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 2340 15b6a98a858 socket
    3⤵
    - Checks processor information in registry
    PID:4872
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.2.1608741960\2113349318" -childID 1 -isForBrowser -prefsHandle 2940 -prefMapHandle 2936 -prefsLen 22213 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {35c36ec2-7912-492a-99b4-4230c894f514} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 2952 15b01bf4d58 tab
    3⤵
    PID:1144
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.3.1058419287\611638053" -childID 2 -isForBrowser -prefsHandle 3576 -prefMapHandle 3572 -prefsLen 27614 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d34214f1-41cf-4e8b-9c7e-5bfc04cdc7c5} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 3584 15b04850c58 tab
    3⤵
    PID:836
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.4.1404799124\1542397845" -childID 3 -isForBrowser -prefsHandle 5040 -prefMapHandle 5044 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {27f3bb10-d2d2-430b-bee2-7099b2629a7e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 5072 15b06b7e258 tab
    3⤵
    PID:3728
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.5.996867191\1746759741" -childID 4 -isForBrowser -prefsHandle 5208 -prefMapHandle 5216 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f7701151-e324-472a-84dc-a67459600c8e} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 5200 15b06b81b58 tab
    3⤵
    PID:2132
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4368.6.108282596\1748786601" -childID 5 -isForBrowser -prefsHandle 5392 -prefMapHandle 5396 -prefsLen 27690 -prefMapSize 235121 -jsInitHandle 1332 -jsInitLen 246560 -a11yResourceId 64 -parentBuildID 20230214051806 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e62b456f-b4be-4932-84ea-82fbaab76cc1} 4368 "\\.\pipe\gecko-crash-server-pipe.4368" 5384 15b06b7e858 tab
    3⤵
    PID:3572

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious use of SetWindowsHookEx
PID:5428
- C:\Program Files\VideoLAN\VLC\vlc.exe
  "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar"
  2⤵
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  PID:5496

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0d84d1490aa9f725b68407eab8f0030e

SHA1
83964574467b7422e160af34ef024d1821d6d1c3

SHA256
40c09bb0248add089873d1117aadefb46c1b4e23241ba4621f707312de9c829e

SHA512
f84552335ff96b5b4841ec26e222c24af79b6d0271d27ad05a9dfcee254a7b9e9019e7fac0def1245a74754fae81f7126499bf1001615073284052aaa949fa00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0c705388d79c00418e5c1751159353e3

SHA1
aaeafebce5483626ef82813d286511c1f353f861

SHA256
697bd270be634688c48210bee7c5111d7897fd71a6af0bbb2141cefd2f8e4a4d

SHA512
c1614e79650ab9822c4e175ba528ea4efadc7a6313204e4e69b4a9bd06327fb92f56fba95f2595885b1604ca8d8f6b282ab542988995c674d89901da2bc4186f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\8aea37d6-dcee-4396-b1c2-4609262d46e3.tmp

Filesize
6KB

MD5
2a162e4c9d9b36a150f3123131d3b162

SHA1
d7b07fd228b01d2cdf59312169cb3deed92c3b1f

SHA256
717988c78c14c68fcdf079ffcf154bf1d9510ff98652d4fb351ec950e3243167

SHA512
86c9d5d3f065c6f3d08cc2c63d956ce5cb800311c6b1fafea8f96fe60021ea24b8ba9e9e863694a5c326512c1ee6d9d6d8771260c53030e24cfba8f6b3942a74

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000003

Filesize
41KB

MD5
a1e4e81b2e4636094e4f655b5846a59b

SHA1
edbdf8100d9c488b6495c5a45bc9f14fd4f90f22

SHA256
5d8958a5501ba7e0c3718852921fc8c8a40abc5cd86f0a4cec4b39e41faaa9ef

SHA512
508832448d9a19fe36942040aa0ad64357bf462b5c83609a6cc59aa2a316a3c2933431eaffa35b101bf2a31639d4a367739ce581b4a89328c6e47b7c5b23a047

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000004

Filesize
20KB

MD5
809ab54dfeaf65a1d814d0193f376d45

SHA1
84f3d538a5f57108640b2c221a301ab0e7c4c314

SHA256
d1b079325bdd624d4a56630fd8acc115bfe121f792e05b7bc060af4651a6a6c1

SHA512
828b3ad1b4255322d8e6e2ceb19efb1f4ff20bc0a80ed832416b82c5e8465285d5e6213c2bc5b84f03b2eb6b5e434608ccb77634cc6a1ace1cba01fa3bf6ca6e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000005

Filesize
40KB

MD5
c9064e5728ce30490ffe57f2cc60ae47

SHA1
870e176d01d11460c36d146f8705184efc311009

SHA256
9e86c748174642678845f8ea20d2139a1c003a6b93537e55e351e79489168396

SHA512
361a91a045dd1052627cf6ff639ab0b3ff40b353e9e362e8e44702bc12421c763d47d18888cad060b3691a9d73f63fc26323a68660ecb1fbc5e80e96da1e3607

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000006

Filesize
21KB

MD5
c22021b9d690bfbe066275812f795930

SHA1
ed9159715171031d0021fe03bd9d3956e3a21a11

SHA256
11d6f531142d91d765e5918ef6297c76e2c05cac80aa7f9b96bcd4c9acef8696

SHA512
62a6aa238fe0ce6cc83b7b3c1968a05fb622a5c5da283c039339881154cba91397554f86a70bc440bd646246a168c4751b9df471eb43e42be5ffa0dc34955c66

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_000038

Filesize
206KB

MD5
f998b8f6765b4c57936ada0bb2eb4a5a

SHA1
13fb29dc0968838653b8414a125c124023c001df

SHA256
374db366966d7b48782f352c78a0b3670ffec33ed046d931415034d6f93dcfef

SHA512
d340ae61467332f99e4606ef022ff71c9495b9d138a40cc7c58b3206be0d080b25f4e877a811a55f4320db9a7f52e39f88f1aa426ba79fc5e78fc73dacf8c716

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\00001fc9c4623f9c_0

Filesize
1KB

MD5
1f1f8ae5b851ac7415341cab2f9768d5

SHA1
8bfd0fd2a24095cf8bb70b6676a4a7474f6c7fbc

SHA256
fdcadead67c84c57c49dbdc862af3442621210e846d24f28e925ddacde01b3db

SHA512
eff0aa9af76a8e15c1b27f9a07b0ac2cfad3f6b36f0e2b2002b63dd4c18c498e327566275d362ea7d267f722d080063a80ffa52be490dbf8b7ef253c81c16968

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\05a0a3eb7119bd1c_0

Filesize
2KB

MD5
5beee4efb67a946f832e31a71aaaaa1f

SHA1
527e58533b5d44d403129d480f537de48d302745

SHA256
9ba6b47318353de91a8593d1ee3a41356ae0f886ed8de6c3c13ab3839a623d45

SHA512
2d7d4356644d06bb9d9fde744855c398e601cade0eae2ac16395a855e8179f2eb28e0064f31cf113657d20d2eee300dbafc022c002106a667fe8addabcaff443

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\0f4f2a2cf80284fe_0

Filesize
5KB

MD5
bb744cd4bdb849777091405bf6a09a91

SHA1
f21769d8fdfd7d1bbeba1a1351ec411973824b69

SHA256
11eb8f3509e14b2285184719bdea3e3e2809baa7a2d80c2f62ea581acf7a271c

SHA512
7bdaaef745fc90d3ad3e58a104090e9ede059cda7207fc581bc158102c12842b37784cf7116c27b4217f336abd9ae4281e32d85a424593dd05bf3406b5e8268a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1764f76deb69c85f_0

Filesize
2KB

MD5
4d8d7365ef728d2a92ab652b7bd20273

SHA1
b3f34df3f83b06d8420e791ea058bf4d8904b665

SHA256
3287155c5a3b856121265c1705843eca1529e5fe7a31b065d0a3d49ccfcd8072

SHA512
1632a93ee49eab6ae11fa490183213ae146f8af4592fdb6c3a425c89059312baf1a58e8f78bc46e2736003e4cf46083350d7bfe35a6de55e61d9fde8770ee4db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\1976e13fdcdc733a_0

Filesize
2KB

MD5
82da59b28935b48c32fe01394b2f07dc

SHA1
178490c78c4b6ed5bf722726ff9fb0b112297cee

SHA256
0d45c3d61ecb1ccdfc0b773f6d993d22983d85146ddbe494f45655084e30de53

SHA512
a86dec67aa4875520572d8035e01f81ded33646e8a7cd57225f5443e95b220aca4abfbdfd7d454fa5a18ff352792c1f8ed90ab49bc47e40cc276b9fea488225b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\313fca3febddc34e_0

Filesize
1KB

MD5
d410a8983dab662145cfd146b7c47f0b

SHA1
a5bbeb85b1924420293b5b5ca2bc5f813ddc89b6

SHA256
0c0fc5b93520b0ce8e079b281e48ea7198ef6912036a0968580e57af4a2d2a10

SHA512
e758d254a0d8134c38fd5e813025c0e0b25d52acaf3a91f1f73b7b7af3e466395d1ddf5d847b02281b310d2df7baf4e6c82018a7910f7d8fde7a525bd74097b3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\3f908eb48725b239_0

Filesize
6KB

MD5
a99eaa030d0d57deb0fda4e0352674c4

SHA1
464c7a7ac089dc664e9dcee6a576aa6c251fe28f

SHA256
ce2bd4299982f3dd142ed1a9879b08ebd2cddf1f2d1b1f876f9666ffcc872eb5

SHA512
43c18aa5097c7924d70555bebc3f939b8e0e82327adb11bc25fb0dfd2d9431a5e5c1daea85355202107b0342cae7e39c0ebd36200debb3fd4dbca5b18dcef928

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\80252f778f85295f_0

Filesize
1KB

MD5
613771b01d8d79093b2d070ca3295b99

SHA1
cbb7ff8c9ce00d88e3df7c07f81708ec55a4ffde

SHA256
4a13950399f9c2768269771a5e6b71e64c2bf76b43c86103c0d049f1261e1054

SHA512
864770e7bb849b180e4e311a652499ef376858c9e3155a9a9f5bba0e54454d2b644058e832f22ab68c5641064ef39b69f910413a782f2436d2b1f87d8bf537b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d1daa5b467082b95_0

Filesize
1KB

MD5
18383f409893a3df9ab893cf4dc0627d

SHA1
bc20f8dc62b11df26b23fac820191bad9ad34844

SHA256
9023019f4a7fdae90ff61eb007eae7c3a9e062d30301803bad8bd637687162cb

SHA512
ddc8b6fc330e0193957edc121a4eaebae642fb53988219ba604ed920bab36ade2266c91ff8371e07027e4a3ec6017aa33ad616c80767b3844122f36c7d67de98

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\d3e166d21888f4d5_0

Filesize
3KB

MD5
64f7922999455a0added5fb50fcc144a

SHA1
6633c710e67ba506636d1bb2ce166dc592ffc760

SHA256
f71b9f0367092bdc88af6b0d13e9b67b10cd4206881e3cc8720626100ef106a6

SHA512
afacd4e5c7a159600fa68c062a19cad37b50a3847e1a3cd1b971bc354a5bb6efc4e3d2f46282b72c6374678bd8dea5f203bb8eabd183f07da85fe1cd6767a9c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e052e957d61c2461_0

Filesize
854B

MD5
288fbe373311a4d0cabd9af8ace7b4da

SHA1
bea01875b778b86450959eb91d70e1118a38a00e

SHA256
759deea42c55301231d4a172152d84e9da779daf824d142d0d60210872ee4920

SHA512
f82eda44a1cb144990ea008c351e8679c360bd8e84f36ae662e58ef3d8c2ba70cffc29dbf739c6156537ee589779683135e1ff1460ccf7ee1199aa0e083ac802

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\e41c27795c82a3a7_0

Filesize
1KB

MD5
8a7c339b7b2ac811f7380bc661680be5

SHA1
25bb8861c4531197c86afa68b98ba88d18edf374

SHA256
63004a92dd36079a73fdc5c28f24ea65153d3931ef0f9c6ebf4ef0d80759cacb

SHA512
448e0b1ad2092b02650ebc96c99b73e3156462dbfe254efd4c1adc99f063c39141fd23799934b66435ee34779052f9308ee188ad7c1547689f89a352e7bf6b40

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\f2ff3527d0896d1e_0

Filesize
2KB

MD5
8d457ee232b83a8fb8469446416b8edb

SHA1
45088b982b00f6c3eaf8795ac908c12399aef797

SHA256
fc3c891faff470064de8e28388cc108000fee51f543e5eda75b0386be5117379

SHA512
e28724723cebe0c12d44510974e0c33e23eb40feeea06c8aab3b6a0177ef48c167910ba0061ecca470ced72867eeb7fcf9b9837ddbccce647d8b6b4560a3efbd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\temp-index

Filesize
4KB

MD5
d39a4ca60c79f7a4ed224378b0817e6d

SHA1
1d7e2fba4a858e42719665642308c4584cd71689

SHA256
0e31afecf170291bd9dab90f76c31a99a8b0addc540ce32011f05c8ba991b18d

SHA512
b983ae740f80c5172d5769514e9ceffd5211a4354b01960b3216a7be51d0fdc02ea0ba3abfdd0bb618fae787436a176aabcd2747033388e933290b802e12e3ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
4KB

MD5
55c0c37d31026f6c812b40dc8e41bb5c

SHA1
bdf495a15361ddb01d09560914acd94c6cc5e906

SHA256
92d3c5bb8a6f524ac013259b9179e3ff16471237a46db33420f0d7fbfd5aed9d

SHA512
b6d6faaa2b60fce8d7c79470a75ea35cb3405a86e57c0dee4d94e8ca67b48dcda83906431dacfdf6121e562cd9e85227ae5b94d951996d58abd1e73a9d989728

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
e306dd4f999d180db6973c64bac6027d

SHA1
5ea8f86960f8b7ba3938ac365a59a85e36e84d51

SHA256
5e41d9d79dd4c5415d3b0b9a105680f928ccc031c75490192ce17aa8dc1ab8b6

SHA512
8ff0e26df660d7e09a55617553aac1552831f65113495b7471e6e236a7af26f7bfce404e032022cdaa4a474721bbf0878ce8c243dd4029ba578b0d747863a202

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c25f540e4ac74fd93f52aa1c0fd9ae25

SHA1
a39eea6983a6f1d943754c14f6ce7d931101846e

SHA256
d284ff432892cfd89f4c5d5f299a8215580ba861cf3fd7c89b525c6762a3bbd7

SHA512
b40247a7182314d7229ff8efe99f251a5e065ebfcf3bb09b8a7c5f4d65d16ebbc03669da89517796f491175b26d4b9c131a0104c5677dbdf2866c7fe7783049c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
f7e7b22c20b66cde69c25a4612ed1cbe

SHA1
5834ecbbaa12bed94ba9fe8479b6d7619a36490d

SHA256
a2df5e28af9906110f213859043363c5a90c47810a14c3299d0e6941af66ef4c

SHA512
3b3ca99449761abef8e4817133a8f742160a120b0b0eaef2bcde4643616a00dcc220983c137783c12c813ce31919cdc9ff439eba18b32ee71eb52ed188a662eb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0275dfc0be2a791a687fff9656b94ab0

SHA1
d2dace848f800efe8a59514c87ce166817da5219

SHA256
89170bce9a034ce8d3972101a39ef8c8e6a8ed7f8af3ba6318f76f614004d7aa

SHA512
c024ad687590937f4c986f38d7daaf03c5b6c5caff3e80fe740eed4349e95870931470f734e8ffeafefa29b56bf783d0a67e7b6e5d36a0e279684a896dba0502

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
17f430f38627cda9b053dad7ff50c626

SHA1
8f004166a1c7460e0881815be8adf0450cf3b6b6

SHA256
76d4d817d3df1c0f260ff01c7a3a6d72e79f29f4c7726fd3c362713f7fd26fb7

SHA512
63ade3e9b6c7b9cfb409a8990cbf6c50419917c83b8b169d57e669c5c1e498e1abd58f5136db7219fefc26297861d94ac572ebc7536519dea0d74e00fa9bb940

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
576cabc03e00bc5b5b7a76538062d7f7

SHA1
c546eae3a452068e56229f5cb486b876fca5e16e

SHA256
cd81f1848e96d2bc817d4f8029c5d8005a6ce44a7987f462351e59af0bfe0c8d

SHA512
9b6b0495e045aa1c5e7052a457846974144132246155210478d8dce5c5fbd1dba10d5af0a6058e7012099acb7708f9a725144c5d151b9f62dedb6045576726f5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
0f658d8810f06f8e522cb36ed7bfb02b

SHA1
d2e488d0882ccc2c149e8cd2a35cdea5aae02345

SHA256
e5aa780a412378cadbc15534fa84e573bcf2a83c71016887bb051b092e302f21

SHA512
a79f1961448cc53effee5877d984753e72ff3c618f742d95af9832d4e57cc87a684a4b9c483544dcd84b806f51daa2ee2c8f2588c5e189c4a6c0b1092b8ddd50

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
73c9e78410f6be879f70d641db02431f

SHA1
22c4c6b31eed5a095837fb5d163ecf771103a78d

SHA256
566bd0ae2a08bffd4b08b3f92d7b458e5f843cf4a44a45f9fa7991e7203b1b7e

SHA512
cf98897a3d2f6818ebc1768f0e8001f6a5c38cc2f9ca58376814fd1225c9b8ec7a4182ab9275d121d831590f5ffc581dbebe1c93165fb8cf9889ae05a5a5f694

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
3b9d98f5e21c3e016f41b3040a08e778

SHA1
8193cfab15f0d21ae04804d6c3f1cfdeb2dcbd1c

SHA256
901f1eb5d69dd183d4e25b555dfab793d02175f3e26540d50ea8a92911aaccca

SHA512
c08656e422e5248d08d934b114674db0cec39100a7d422a6bf1e157a113d89ea660b648c6b14a881de08cfec1bc1427292568b051872a1550197f3550a51d0e7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
764c713b90532af6e0092d06dd517f81

SHA1
96e12f9849ac51270afb6fc7a6e5e5b7d928f05b

SHA256
ea9c2a11134ddf89904fa5f82e36f06d359e88ffcbd1e96f8cbe10280c4950a3

SHA512
3c38fc1215cfa3046c1a67d4db1dfbbf595b838e820751666aeffc0ab7835ad4246444082a13b635b715554de29b085ab391f08cb3678055d16049d2807d3f25

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b198bc063901f98da67d2a028bf0c308

SHA1
cb466e5e3881bb2c0b3b87f3c30858bfe78c2fad

SHA256
7f22ac255428b134e21be3c4f2e253d46bcd2c2482c3c9759166ac2019c6e287

SHA512
c02eadbd2ac683bc6bb99efe28fe9fcdaf57fa23e5af8ebe88928f352a982db37f5586142bb79046f309314b87f38da98fd7115c3dc93257eadf2aa9069e35c8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
b445d1f870be34deac12b53c9eb481ed

SHA1
b0a97117dd8e6603db9c2e0cf7724845c4e66dff

SHA256
de0d299e1f4f8e749739994d457b20ccea6d2d660bbd1b1ef8bedcaadbd2547b

SHA512
f40ff33e1ec70270052623bc5cf455e84e32a69631db73458df2444d5c099071288701dbc69f93939e85d913ae0e60fd6af53947615f25774f188465e9891384

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e3abcbcc17efb0c0f2d7e008f203dd4d

SHA1
715512117599dbb86db83eccc4e40c7d850b1348

SHA256
9414fe57aa3b45aafb4a5901666698c273f13da95a517b6f703ce0c1dddc2c20

SHA512
506282c5f3a61b73cf03d50b7ba2f504e516fe535357940b6d7b6d32aa6a6e63029f5c3a4ac6933375318bebbcd664b7d7e9e4ec837a3c73e2f046632a0cfdb2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
db37d4060394717cd451354efc9a03a2

SHA1
b8c2544aa081cf6c6815af76013626c572378f82

SHA256
ea05c5bba11d9cccf83bca1727311fdbc6aea038857745d445c31f26190d6cc2

SHA512
8cfdbf8085f42eb52d7d31a7811eb0fdff48b67b91ff8fedc308c6e7a65adc4e75ac847381c37b72e6e6c5cbb40389bfbd2ff140e56b513144b8374994725434

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
9982fb6fb6e8332f6d78f2d3d8caf5c8

SHA1
98d1902940bfbb0085120d6c3c53826f2cc65217

SHA256
6dafc972bc1bb9ae6ed0878fca678d9056399e5fe89be7617f3ed4efc5109420

SHA512
1777c635099cda0699d6a7b31ef417516c883f5121b57266707e96b09353e67dee25adbf5a72b18e11d5aca09bfa271c16921f98c1e93236a9d3fce68cf95cea

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
9e5d1c513f271dee9be8ac11ea749a38

SHA1
a1961c924e29b9a9ea17fab347ffcfb82ae6efaf

SHA256
3ce2d670ff164e7a026fec43a0e8875b87c160f3306151b7d1a5e70e64cd5a94

SHA512
08ec7f3b56aeca44ec8f0943e7bf9cd1c8b8a5e05c83ba2d2baee9b10e5d7e606720512f2a6551ba64b9336be7a2efd65b100343969f0ef542a5b734ff46c890

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
538B

MD5
b6e333f8b9f1c0a4b069e65fa286d9fd

SHA1
c5b59c245d51317e2244d8e8a04c8acb2d37c07d

SHA256
1842c0fc9e203f488a13bb626c0cc501d68a8ffb9a61eeb8acf3728d35c0bba8

SHA512
019417ac54d20b65229c98ed1e6ffefcc16d0f696fc71403daba7614eaba10c0bf19bb88af4b3a672501c8ef61a8e46c9ccbbe47bc2e0999eb4f8b7bb5013884

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
d6c34ec91a0efe62de0770e676538619

SHA1
198a1516d87a5147548252be47daf57ba5dbbfd6

SHA256
e3a39e6ab2ed5e157ef8bbac3f9cfe8cd0e7a04345644704c28cfb5078a20d00

SHA512
3300bd62bdfd32aaf6d38942826683a0d75421cf771a68423bcb4399d653fe8000eddbc67350735a48cb45ee15c164bbdcd7a6b52062412e634f71f40b8aa584

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
cc54cd88331f659498c497d26cfe3584

SHA1
4affef7438c263eb76d057569ef306c9ca1cd183

SHA256
680945b06fcab611652bf7d89bc7da5531fa8ba2a26b91e35a9f436d4f1b899b

SHA512
0299e3575b13ce3eebe2f66b7f58054433c44cb08d501b41e989dc5ff8b71a97566d1059781230a6b8f10591d62d39094432662ff33f3825dfb36adb82cf3910

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
370B

MD5
f8f0f026af42e3f5ee1893d70cd4241a

SHA1
d833bfa73264e1b573930fe13fd4983cb3a0016f

SHA256
6907a3c20f7182171f10f236d5c4b87e78f257245d6255a8f55ffd0ecf065bcd

SHA512
3c2b76c8de4dd2c29cb48a05b230a33dd7d858245945ede340a44ab21ba38cdcd80dd1172cfeff23c47c91be6f4e0ec9aa644dd8d67fbe56ef23c5f5c47990b5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
98f346f6f4656f11fd9be05517bfa6b3

SHA1
9f180e677da38540618ec89331e86aa9ab69bbcf

SHA256
159ebfd62e66319e815e851d95d270966035f90eb525c4e708d80c79afbfa868

SHA512
9f2e66e65b28da496d7cc37b930e63bd0cc0e06206c015a4fce4d22b2641b3c788bbe17ff8b288490f7f90bbf9164f33810b0a91ebde90ff5b67fe2211ccee06

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
c4924cf3f103c0295ff7a2baa4573c62

SHA1
5e8f2f9292697575fd01737b8d10e3fa7ca37dc3

SHA256
16cc0b17535da1976a4555e3e86eccbeae9a1a1ad78e1ed16697222833187a73

SHA512
f75a60677c2f09d5f00b51df53ea22771c8c137cc8617a0188ed4c1b013785a667d3aaafd2afdf9404cd3d83ffaba5f6a7bce42866df828d71085c00db918fd5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
37e76708daad0d111dfb27ed994d8bee

SHA1
f1bdb15af2bda22428d8aab15619503e88390b5b

SHA256
eeee828019bab16c3d5e4d8dd466e7ddb2331632b47c79322319712098ac8b2a

SHA512
868af1b044e95a51338b268a582856fbbd63fc11eeb38191223c8446bf87e9e15a81e4fc6ada763019d0b1b392a6cb3f422dd281b1fa2e973124eccc7c2ba4aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
188cc5e2ba08e36a4e774f1a1d93e5f7

SHA1
67582a19b524a990949ab62d63d4109b55d84651

SHA256
e263d1f557ce57b9cea763194f3a701f52998d4fb55b17aea785964122f739f8

SHA512
29642793e06ebf60df2bc424ca351a0ea8e3919d7ce65f03394a7e8c6c80b0a8c7e3abab314de806d8c0b39eb14cf64b578a17607e61e31fa153049ebc7e3e48

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
2aa8d1b74f976616701b60c9067450be

SHA1
6004a9e9c0bee2d6b6aa2345f24b42c856382d54

SHA256
0f05e947eedd6ad9729f76ffa632964f2c5b295704117b91e24360b6075fd691

SHA512
4e7bd8145bc7540739f1987fd42b42e722e67a13f03ca78ed80c41a4bc03c918bfb19eec906f1d24ecb5b55fdf5af8008239d1a0e05acde66bba6132d72b65e3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
a7f15d1a168d6a30e8845f74a40176d5

SHA1
98742129d25052d61c84eeb6ef85b67da7351fd4

SHA256
13cb097425bc900ab61851441424491d9021a64bc8c2cc20e417f9f8c7dcab36

SHA512
c782805236b1b41366835080667721a54baa0f6643f8b48d0231866eb24173553d1c6dcdf312867b0c6d5c413a451e256174a8c734b15b960e3d369f7eb9f671

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe582b12.TMP

Filesize
203B

MD5
559280ba283f9c4c3b2fdd2d001fcf5b

SHA1
2e0db9fe7fd9c34eaf0ae3ea24b53d600e0fa876

SHA256
8fd4bf82709ceaf2040c075a46488213c64ea010cfe32e21c2ccfe2619e5b1c7

SHA512
0cc6ea7978ab22d3062f6f3c4ef3fe1c4ef0a7895b34723e5e9713d21b63f37e91f1c78c51f22f53155bc841194b32c70a8cfba86ea57a47468260010105ce3c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
a9f0101cbbc40e13bc85510ee14979e9

SHA1
c1c7aa72648bfae6253902be2f552fc3ef5d5be1

SHA256
51b735e615c2e7cc8ea8f28298cd9fb966219f11f36d3f4f88f031bd7c13993f

SHA512
c38a79ca29d432c488e885c83afa4dbde3d66078a13e1e2cd52917199a1c5fd69508f443728817b2fd5c46420c4e9265b1c30e0c4759989d48c5dabc25a295c9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
675238b247480a84bb754e83bc56b160

SHA1
bec983f6d92dbc4b9882e7456d7836b2d287b490

SHA256
3e8bb289df72c8843e0c5e82e778b2ae7e0019a164e9e8594c71f20f754b6db1

SHA512
1d54f7c7d8d1accc8667502720dc9a1f2449a21b5f1ca5465dccf8a84328d77b726ebcffe4ebaca21ecf699fff015e6579d84801cfee95cac162cc1c8ac1e083

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
d625cd9310e7ef75160099a8a3661013

SHA1
83f7c99b0b77b5b2ae83502716b55eca7fe71cc1

SHA256
ced36f30cb76f16c0e646e345e0c63bbc65a680becf4cb3657f96dfe175e6f40

SHA512
a3c7f90f94d0db399c4782af1021ecfb7685e489a67ae64515e6abd14eb1b852f3023e6122e015d309f59818a994540ea0d4ac4c8d02d5e4de05be67a532a95d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
bdb0aa8f5bfd96cef69f4f842bcad665

SHA1
2de1fd654637c53c746a0a46fb8b4b5bf7880289

SHA256
0eddbc5a43a0d8e4cd59f1d944101c8a66f493c4164de2d13076189333175413

SHA512
9abbc873b1671a8144c2a122e38eee9184673b87c0c336c1e439f53618379ea07d5248de58e9cad6a4f5c921c6f238044faeaa41820cb211cb500946197e9ffb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
42c4c07173e47c74129a9c26805849e2

SHA1
34bae06a395bfe6e3dbae613200dfb4d30e14f4e

SHA256
c889d3a800ea5ca7fc2f20e3e1d4e4cc072a075bc940de3d3367ec32dc3e8c3c

SHA512
fb9bd54cb9d53e043c86b0e75bbc6e2c7779a2397ebd73fa77fe0c89be603fa21fd2bf7707bcaa508826836dff4cc868458d6f8f32be7334224c37dad2c7a55c

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\activity-stream.discovery_stream.json.tmp

Filesize
23KB

MD5
565fb31deb815821f3c1036f457ebbdf

SHA1
daf20cadfa93165c7f39f5ec236c3cdea8cee08c

SHA256
44ede3756ab2aec1ef3778c5ae450bf8d78edc42d79ba3d223d01d93e09dc387

SHA512
7b1563878a54ccf02e20a0f063e2441a1f10d74df71ac6a9a93040229d4fd5cdbdaf4db7e7a3cc97b80835b1952d2c379b4b672bef061c0b85fcb59bdb365fa7

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
10KB

MD5
5be651c1c93615919222567bbef9c75b

SHA1
6e26b687027b53ccb43d3bbef6a41833dd60632e

SHA256
daf674403e6593261e94bf5d6f467fd31b5e61e3af2db491f053ecb423e5a887

SHA512
084bbad07a7f1947bf0af9d21e6cb9b5d50d1ce3c8759608fbeda0f59cfc24f53c702bd072dc89549a85ab549770e95ae287e6fc40ebc1ac1cfafca8db8fd3df

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
15KB

MD5
db714c8284ece067ed6c3643a0564560

SHA1
2834437d9dbbc0faf4b18ac92081278be2283110

SHA256
b658b7183b866be6b89af8b5c3bf17fbd6dac98a705f06ec38ccdbdecf8b934a

SHA512
fcee456c54375ea3b85410e05d493c1aa329a3fe0a866cecaa72ea972f8e6235de24112acb47a81ee7a9307427c96928d315de75a033ca9e3b96921db0024ac6

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ccba5a5986c77e43.customDestinations-ms

Filesize
14KB

MD5
6fc2853eb5ac5beaec70505d4b5811c6

SHA1
808b9b13461a8d86bc720b21bb6bbee151dc3be9

SHA256
348a8e0277f6288f4851c1e0b01c898a0ae7519787a39f7bd1c1e6fa895fc134

SHA512
348e3d792a6c18ea84b3fce22b9cfeee305e7ccb1de85f13d2e07afe1881197c88ca52d4815272fb179fb4c5981046b1316f8515ef04199b80f4342d8843bf20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\prefs-1.js

Filesize
7KB

MD5
ad41de1dbf8b11afaf49b90483b47eab

SHA1
49af8e4a248c4ec37bdd629d3dfc100bcbfa1874

SHA256
e6237fcb6eb75d93ee92d6ee958f8c312f0f5ee29b6fcaacb048f9cf172b9676

SHA512
444b0a947cc19241356a2015d66697e47d8dbc637ac85a7f09b21c589c339fec9f950c5f28140b18f0dbb8804b2200ab559ad0976b2390946031ee6288f3193e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\dpu1uz4v.default-release\sessionstore.jsonlz4

Filesize
904B

MD5
a6856e254685117675104309f7ace145

SHA1
40adae896d95eea2e5f3db588ab7c80737e7ef51

SHA256
9bfba1b6b7ddd4edd0a2ba283e1d17d64bc533909162fa277b8576982c64bc0c

SHA512
a64edfbbc44cbc46bbaefd4452c03ebc2d813aad779ade642bb73de1f490e1844483b38c6c6a117ebaecd5702faed9535fd2fc1f46f5f97401f695b22867811f

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
180B

MD5
145b6e99ba6c7a4ae9aafe181f1b570a

SHA1
d2ceb6fa0214043ad7dd9f1ece209d75e22b3b52

SHA256
85aa7e63ad4b7602996aba7980244cb1950d5df0f19d7d9a88fbc153af7f0d63

SHA512
c40f8da9aed97431f2a12fc6f7f8df47f83c2ff52275d560c6e55775d8fe19e4c8d4fc13f333489717fa9c60610531a8814f86da204df58815e879201580788f

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip

Filesize
12KB

MD5
8ce8fc61248ec439225bdd3a71ad4be9

SHA1
881d4c3f400b74fdde172df440a2eddb22eb90f6

SHA256
15ef265d305f4a1eac11fc0e65515b94b115cf6cbb498597125fa3a8a1af44f5

SHA512
fe66db34bde67304091281872510354c8381f2d1cf053b91dcd2ff16839e6e58969b2c4cb8f70544f5ddef2e7898af18aaaacb074fb2d51883687034ec18cdd9

Download Submit
C:\Users\Admin\Downloads\MEMZ.4.0.Clean.zip:Zone.Identifier

Filesize
652B

MD5
daafc1fe9e12f0979652188f85321ac3

SHA1
fabb46ed8775d89070df8b17303214c707c50afd

SHA256
41d850d940476b243c38d13eff12c1b7b3a888b90abb0ee7d18bf3826f332a9d

SHA512
2b742359d0e783f506b21bdd18c1667c954fb03e305c50d7798fa4d620d36bf9fbd2c52a1b9b70fc13663d471c59b5d9a8abe647bfe677fc4def7f5d15274460

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar

Filesize
17KB

MD5
352c9d71fa5ab9e8771ce9e1937d88e9

SHA1
7ef6ee09896dd5867cff056c58b889bb33706913

SHA256
3d5d9bc94be3d1b7566a652155b0b37006583868311f20ef00283c30314b5c61

SHA512
6c133aa0c0834bf3dbb3a4fb7ff163e3b17ae2500782d6bba72812b4e703fb3a4f939a799eeb17436ea24f225386479d3aa3b81fdf35975c4f104914f895ff23

Download Submit
C:\Users\Admin\Downloads\memz.by.iTzDrK_.rar:Zone.Identifier

Filesize
653B

MD5
83c36980fa6e4f0d1eae859a2fd55aa8

SHA1
aa4f0b8b1e44490d082d92825ad8ac825b7db1e3

SHA256
4c9318a3a41eb51b1eaf5f33bfd6c52410483f3182dfc7a4daa3f8124b22df45

SHA512
17c325977617b142d53c059e47b4ee1fcfff632bda18b35fd84897a650502de38c9aaa0a500e80ea333a8df9b6928c6491fd8af7d5075189221aaa7da09b12bb

Download Submit
memory/5496-962-0x00007FFD06630000-0x00007FFD06641000-memory.dmp

Filesize
68KB

Download
memory/5496-950-0x00007FFD18E70000-0x00007FFD18E81000-memory.dmp

Filesize
68KB

Download
memory/5496-943-0x00007FF6738C0000-0x00007FF6739B8000-memory.dmp

Filesize
992KB

Download
memory/5496-944-0x00007FFD196F0000-0x00007FFD19724000-memory.dmp

Filesize
208KB

Download
memory/5496-956-0x00007FFD07A80000-0x00007FFD07AA1000-memory.dmp

Filesize
132KB

Download
memory/5496-957-0x00007FFD0F700000-0x00007FFD0F718000-memory.dmp

Filesize
96KB

Download
memory/5496-958-0x00007FFD07A60000-0x00007FFD07A71000-memory.dmp

Filesize
68KB

Download
memory/5496-959-0x00007FFD07A40000-0x00007FFD07A51000-memory.dmp

Filesize
68KB

Download
memory/5496-960-0x00007FFD06670000-0x00007FFD06681000-memory.dmp

Filesize
68KB

Download
memory/5496-961-0x00007FFD06650000-0x00007FFD0666B000-memory.dmp

Filesize
108KB

Download
memory/5496-997-0x00000204331E0000-0x0000020434290000-memory.dmp

Filesize
16.7MB

Download
memory/5496-963-0x00007FFD06610000-0x00007FFD06628000-memory.dmp

Filesize
96KB

Download
memory/5496-948-0x00007FFD197B0000-0x00007FFD197C1000-memory.dmp

Filesize
68KB

Download
memory/5496-955-0x00007FFD07AB0000-0x00007FFD07AF1000-memory.dmp

Filesize
260KB

Download
memory/5496-964-0x00007FFD065E0000-0x00007FFD06610000-memory.dmp

Filesize
192KB

Download
memory/5496-949-0x00007FFD195E0000-0x00007FFD195F7000-memory.dmp

Filesize
92KB

Download
memory/5496-965-0x00007FFD04FC0000-0x00007FFD05027000-memory.dmp

Filesize
412KB

Download
memory/5496-966-0x00007FFD04F40000-0x00007FFD04FBC000-memory.dmp

Filesize
496KB

Download
memory/5496-952-0x00007FFD14C90000-0x00007FFD14CA1000-memory.dmp

Filesize
68KB

Download
memory/5496-967-0x00007FFD04F20000-0x00007FFD04F31000-memory.dmp

Filesize
68KB

Download
memory/5496-968-0x00007FFD04EC0000-0x00007FFD04F17000-memory.dmp

Filesize
348KB

Download
memory/5496-953-0x00000204331E0000-0x0000020434290000-memory.dmp

Filesize
16.7MB

Download
memory/5496-954-0x00007FFD05030000-0x00007FFD0523B000-memory.dmp

Filesize
2.0MB

Download
memory/5496-945-0x00007FFD062F0000-0x00007FFD065A6000-memory.dmp

Filesize
2.7MB

Download
memory/5496-946-0x00007FFD22600000-0x00007FFD22618000-memory.dmp

Filesize
96KB

Download
memory/5496-951-0x00007FFD18DB0000-0x00007FFD18DCD000-memory.dmp

Filesize
116KB

Download
memory/5496-947-0x00007FFD22280000-0x00007FFD22297000-memory.dmp

Filesize
92KB

Download