ce50b4d522be16210878aa70a93f209c81033c8c662c01fca4d6698f4d8fa69c

Analysis

max time kernel
449s
max time network
410s
platform
windows10-1703_x64
resource
win10-20240404-en
resource tags

arch:x64arch:x86image:win10-20240404-enlocale:en-usos:windows10-1703-x64system
submitted
15/06/2024, 20:52

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

jellybox-setup.html
Size

4KB
MD5

a310312c4b61a67725ba686e0cdd505d
SHA1

02e706633def5f774144e4f6523ab3420e9fe188
SHA256

ce50b4d522be16210878aa70a93f209c81033c8c662c01fca4d6698f4d8fa69c
SHA512

82532b1f0d9b54033dc856843e6d8bb6b22861fb8947a6407b9383f631dbd33e7b6ec75aa6a0c2e2ae77a0b86d8181a5d272ac0444a59d1596af4888408304c4
SSDEEP

96:1j9jwIjYj5jDK/D5DMF+C8EZqXKHvpIkdNGrRB9PaQxJbGD:1j9jhjYj9K/Vo+nJaHvFdNGrv9ieJGD

Score

8^/10

discovery

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 3 IoCs

pid	Process
6360	jellybox-setup.exe
7028	jellybox-setup.exe
5852	jellybox-setup.exe

Loads dropped DLL 12 IoCs

pid	Process
6360	jellybox-setup.exe
6360	jellybox-setup.exe
6360	jellybox-setup.exe
6360	jellybox-setup.exe
7028	jellybox-setup.exe
7028	jellybox-setup.exe
7028	jellybox-setup.exe
7028	jellybox-setup.exe
5852	jellybox-setup.exe
5852	jellybox-setup.exe
5852	jellybox-setup.exe
5852	jellybox-setup.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 5 IoCs

description	ioc	Process
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdgeCP.exe
File opened for modification	C:\Windows\Debug\ESE.TXT	MicrosoftEdge.exe
File created	C:\Windows\rescache\_merged\3720402701\1568373884.pri	MicrosoftEdge.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 8 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Modifies Internet Explorer settings 1 TTPs 3 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	browser_broker.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000\Software\Microsoft\Internet Explorer\Main	MicrosoftEdgeCP.exe

Modifies registry class 64 IoCs

description	ioc	Process
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0"	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\History\CachePrefix = "Visited:"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\bing.com\Total = "600"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\AdapterInfo = "vendorId=\"0x1414\",deviceID=\"0x8c\",subSysID=\"0x0\",revision=\"0x0\",version=\"10.0.15063.0\"hypervisor=\"No Hypervisor (No SLAT)\""	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = d25b302266bfda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url4 = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VersionLow = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\Certificates	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CacheLimit = "1"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DomStorageState	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1"	MicrosoftEdgeCP.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Discuz!	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\Zones\3\{AEBA21FA-782A-4A90-978D-B72164 = 1a3761592352350c7a5f20172f1e1a190e2b017313371312141a152a	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = 3be27c1e66bfda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = ff7e991e66bfda01	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\CIStatus\SignaturePolicy = 06000000	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Settings\Cache\Content\CachePrefix	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "395205405"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsTime\url1 = bf91dc5066bfda01	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-SubSysId = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\NextUpdateDate = "425267763"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\MrtCache	MicrosoftEdge.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$vBulletin 4	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\CIStatus	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CRLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Cookies\CachePrefix = "Cookie:"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "749"	MicrosoftEdgeCP.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url4 = "https://login.aliexpress.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Privacy\InProgressFlags = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\NextUpdateDate = "425280633"	MicrosoftEdge.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLs\url7 = "https://login.live.com/"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url8 = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\LastClosedHeight = "648"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\DXFeatureLevel = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionLow = "0"	MicrosoftEdge.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8"	MicrosoftEdgeCP.exe
Key created	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\EdpDomStorage\www.bing.com\ = "0"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\002\Internet Explorer\DOMStorage\Total\ = "49370"	MicrosoftEdgeCP.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\TypedURLsVisitCount\url2 = "0"	MicrosoftEdge.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-873560699-1074803302-2326074425-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\NextPromptBuild = "15063"	MicrosoftEdge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File created	C:\Users\Admin\Downloads\jellybox-setup.exe:Zone.Identifier	firefox.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

pid	Process
3400	vlc.exe

Suspicious behavior: GetForegroundWindowSpam 2 IoCs

pid	Process
2236	MicrosoftEdgeCP.exe
3400	vlc.exe

Suspicious behavior: MapViewOfSection 8 IoCs

pid	Process
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe

Suspicious use of AdjustPrivilegeToken 14 IoCs

description	pid	Process
Token: SeDebugPrivilege	2884	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2884	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2884	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	2884	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	4120	MicrosoftEdgeCP.exe
Token: SeDebugPrivilege	1676	firefox.exe
Token: SeDebugPrivilege	1676	firefox.exe
Token: SeDebugPrivilege	4552	MicrosoftEdge.exe
Token: SeDebugPrivilege	4552	MicrosoftEdge.exe
Token: SeDebugPrivilege	1676	firefox.exe
Token: SeDebugPrivilege	1676	firefox.exe
Token: SeDebugPrivilege	1676	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe

Suspicious use of SendNotifyMessage 64 IoCs

pid	Process
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe
3400	vlc.exe

Suspicious use of SetWindowsHookEx 16 IoCs

pid	Process
4552	MicrosoftEdge.exe
2968	MicrosoftEdgeCP.exe
2884	MicrosoftEdgeCP.exe
2968	MicrosoftEdgeCP.exe
2236	MicrosoftEdgeCP.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
1676	firefox.exe
3400	vlc.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4120	2968	MicrosoftEdgeCP.exe	77
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 2968 wrote to memory of 4504	2968	MicrosoftEdgeCP.exe	79
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 3756 wrote to memory of 1676	3756	firefox.exe	85
PID 1676 wrote to memory of 5020	1676	firefox.exe	86
PID 1676 wrote to memory of 5020	1676	firefox.exe	86
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87
PID 1676 wrote to memory of 1504	1676	firefox.exe	87

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\jellybox-setup.html"
1⤵
PID:4604

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:4552

C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
1⤵
- Modifies Internet Explorer settings
PID:2396

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: MapViewOfSection
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2968

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
PID:2884

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies Internet Explorer settings
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
PID:4120

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:2236

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Drops file in Windows directory
- Modifies registry class
PID:4504

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:4572

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:2124

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
- Suspicious use of WriteProcessMemory
PID:3756
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  2⤵
  - Checks processor information in registry
  - NTFS ADS
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1676
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.0.1692979458\525086583" -parentBuildID 20221007134813 -prefsHandle 1684 -prefMapHandle 1676 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {fd575936-e967-4d8c-8b33-d463b325e16f} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 1760 20dee2d4158 gpu
    3⤵
    PID:5020
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.1.1396065738\815722619" -parentBuildID 20221007134813 -prefsHandle 2104 -prefMapHandle 2100 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {465676e7-9f16-49ef-b980-492bb9f9b2fb} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 2116 20de3072858 socket
    3⤵
    - Checks processor information in registry
    PID:1504
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.2.663657456\1001133141" -childID 1 -isForBrowser -prefsHandle 2560 -prefMapHandle 2760 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {21fd7271-49f9-4569-b387-11313eb447ff} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 2592 20df229ce58 tab
    3⤵
    PID:3684
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.3.769601167\2034565787" -childID 2 -isForBrowser -prefsHandle 3496 -prefMapHandle 2884 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9a7d91ec-e6fe-4445-847f-e48ab96b5d45} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 3508 20de3061058 tab
    3⤵
    PID:1040
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.4.1585778774\91814659" -childID 3 -isForBrowser -prefsHandle 3840 -prefMapHandle 3516 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {f5372d8e-eb27-44ff-8bb9-46f7d6d6605c} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 3992 20df3978558 tab
    3⤵
    PID:5188
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.5.1669634170\1703106397" -childID 4 -isForBrowser -prefsHandle 5016 -prefMapHandle 5020 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {98f40828-3db8-419c-9f5b-128523cf03a6} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 2520 20dee2d4458 tab
    3⤵
    PID:6056
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.6.1108778914\2054171434" -childID 5 -isForBrowser -prefsHandle 5148 -prefMapHandle 5152 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {d4b7c082-9743-4ab8-a8ad-0c2116f9b12b} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 5140 20df2241258 tab
    3⤵
    PID:6064
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.7.1707412484\1132144792" -childID 6 -isForBrowser -prefsHandle 5216 -prefMapHandle 5160 -prefsLen 26249 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3b5914d2-de10-485f-98d0-cf82db31c8a1} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 5208 20df3976a58 tab
    3⤵
    PID:6088
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="1676.8.490107748\179781995" -childID 7 -isForBrowser -prefsHandle 5548 -prefMapHandle 5556 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1268 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {0eac16df-6c1c-4009-8618-061cebbc0cc7} 1676 "\\.\pipe\gecko-crash-server-pipe.1676" 5540 20df2241858 tab
    3⤵
    PID:5884
- - C:\Users\Admin\Downloads\jellybox-setup.exe
    "C:\Users\Admin\Downloads\jellybox-setup.exe"
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    PID:6360

C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
1⤵
- Modifies registry class
PID:1292

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:6988

C:\Users\Admin\Downloads\jellybox-setup.exe
"C:\Users\Admin\Downloads\jellybox-setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:7028

C:\Users\Admin\Downloads\jellybox-setup.exe
"C:\Users\Admin\Downloads\jellybox-setup.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5852

C:\Program Files\VideoLAN\VLC\vlc.exe
"C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file "C:\Users\Admin\Downloads\MoveExpand.m3u"
1⤵
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of SetWindowsHookEx
PID:3400

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\57C8EDB95DF3F0AD4EE2DC2B8CFD4157

Filesize
4KB

MD5
1bfe591a4fe3d91b03cdf26eaacd8f89

SHA1
719c37c320f518ac168c86723724891950911cea

SHA256
9cf94355051bf0f4a45724ca20d1cc02f76371b963ab7d1e38bd8997737b13d8

SHA512
02f88da4b610678c31664609bcfa9d61db8d0b0617649981af948f670f41a6207b4ec19fecce7385a24e0c609cbbf3f2b79a8acaf09a03c2c432cc4dce75e9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\L5P12AEX\edgecompatviewlist[1].xml

Filesize
74KB

MD5
d4fc49dc14f63895d997fa4940f24378

SHA1
3efb1437a7c5e46034147cbbc8db017c69d02c31

SHA256
853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1

SHA512
cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\cache2\entries\383A97A57B113BD106DE6984E6DBA5F537327263

Filesize
13KB

MD5
3134167d9cfae26c552ca73b84a294a8

SHA1
846bbf89988d9622c6926fcd0796df3072f74962

SHA256
0f9d0fe559ae7561823e29620ee1e053f352c6ccd133a02aab54dbf4ca22d6db

SHA512
56d5199f95f1eeb5c4f255ca7c12b09795c258137ef7aa3156388f4ebec4139d7dae70613f284677d5d27aa8c15edb481657c73146db735324153ee2d23e48a5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\02F082IY\warmup[1].gif

Filesize
43B

MD5
325472601571f31e1bf00674c368d335

SHA1
2daeaa8b5f19f0bc209d976c02bd6acb51b00b0a

SHA256
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

SHA512
717ea0ff7f3f624c268eccb244e24ec1305ab21557abb3d6f1a7e183ff68a2d28f13d1d2af926c9ef6d1fb16dd8cbe34cd98cacf79091dddc7874dcee21ecfdc

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\B8P5Q3P3\index-Cnni3uqt[1].js

Filesize
576KB

MD5
588b8fbafd398aba8617055d1af4ed39

SHA1
09d40e834f313f779c74ae386d1989740540d12f

SHA256
ee078e61e3193e9dade0605b04036e21de82ff1fdcfc0936556f61d51d44070a

SHA512
5801e6b7912c694be91a7170ea729b097692ca7b8c91c8b6c2b981b17235404c3c79de6f0eddbe87ba2bd3074745cc8c46999cd95c2fd38e0d63f5d24b5ab3c5

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HWM86J9B\BHAFLQF7.htm

Filesize
824B

MD5
28e43a8b9efba4218914191aeada2a15

SHA1
fb80106fa63f98311cafd3832231bc32b995e8ea

SHA256
371c546534d1a2e8506a03a219cf532ffb565de03bd2dd43ab5294b6738a79c2

SHA512
8029ec075ebba63fccfa3fdf32836858849f5efd6b0709951e29e3d58df2a8ef13bd653c34c30802731e9ccfac000d651fd11ce9b73e6810ee92a7eed4bebe0a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cache\HWM86J9B\index-CP4FzAIa[1].css

Filesize
2KB

MD5
168a4f09a20473ccec1e538fa52809a5

SHA1
c8f0c2d562dafdb1691fe720787e8a9144927125

SHA256
bc9fe993a7c468f303a7eab3af45a343c93eb9317f2200adf8bd586d37f97c68

SHA512
1f940b94d0b5a9a53eab5daf55df479e24108c740f4f307ce22a69063405c2ef73c586f781219177d06e784fe8176e085a92c9fc05191bc67fed01c3bec14a76

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\User\Default\DOMStore\1WPKR63D\www.bing[1].xml

Filesize
1KB

MD5
1f2dc62b40622119c8cdb38a8bf35988

SHA1
3c1a782541d21982d5729995a501adc16584dd20

SHA256
6441e9c15c404b1e9eac6316927c6010ec6a56a56f5eefa64db57c584ab6c836

SHA512
b7a69c482af9a8539142b11dfd087ddd7e0ed87b9ca4331f4c5a97fb8a98c6ab9afac375d63e473d4415284d7b74c1a6add90ab4185e7a4e4bc0ce5fa037a23a

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\CDSOBB5B\suggestions[1].en-US

Filesize
17KB

MD5
5a34cb996293fde2cb7a4ac89587393a

SHA1
3c96c993500690d1a77873cd62bc639b3a10653f

SHA256
c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad

SHA512
e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\QC9WCX6L\jellybox-B6lhBMHH[1].png

Filesize
34KB

MD5
56db6450529ab454588214b6d126f8fc

SHA1
076dc6d625087b119b04b56df03169f5d6f7b222

SHA256
849f5f0f56443c131d4ac8e02d0d8c86f9b5c6f2aedd17c6693af8f7807b494f

SHA512
3a5a190918c15a33a6803bc7e2761294e0b4d310d0fafe03c992ad6e449fa1ba8312e5a6e21ba090ef5e434042fa2d7cc5cbc72405d8018239b2e5f7b1bae427

Download Submit
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Temp\~DFF4E590C3848287F2.TMP

Filesize
24KB

MD5
d3cdb7663712ddb6ef5056c72fe69e86

SHA1
f08bf69934fb2b9ca0aba287c96abe145a69366c

SHA256
3e8c2095986b262ac8fccfabda2d021fc0d3504275e83cffe1f0a333f9efbe15

SHA512
c0acd65db7098a55dae0730eb1dcd8aa94e95a71f39dd40b087be0b06afc5d1bb310f555781853b5a78a8803dba0fb44df44bd2bb14baeca29c7c7410dffc812

Download Submit
C:\Users\Admin\AppData\Local\Temp\MicrosoftEdgeWebview2Setup.exe

Filesize
1.6MB

MD5
db7fb67fcec9f1c442de25f3ad59f50c

SHA1
b600aa26d1cded59760304c6d77f4ff75722eabd

SHA256
c227208854734bbd38c9f74f39034111733da5c7ce71515b1610aedd79417f9f

SHA512
c14ec7d252a6f201dfea476d302fbc5140713cb4ea7bc8d4e610bfd806b3fa3c141153e2e9b8cb36255fba1fab4d4400ed83f5f5c1228d77d77bace41d5de7fe

Download Submit
C:\Users\Admin\AppData\Local\Temp\nso42EA.tmp\modern-wizard.bmp

Filesize
25KB

MD5
cbe40fd2b1ec96daedc65da172d90022

SHA1
366c216220aa4329dff6c485fd0e9b0f4f0a7944

SHA256
3ad2dc318056d0a2024af1804ea741146cfc18cc404649a44610cbf8b2056cf2

SHA512
62990cb16e37b6b4eff6ab03571c3a82dcaa21a1d393c3cb01d81f62287777fb0b4b27f8852b5fa71bc975feab5baa486d33f2c58660210e115de7e2bd34ea63

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon

Filesize
442KB

MD5
85430baed3398695717b0263807cf97c

SHA1
fffbee923cea216f50fce5d54219a188a5100f41

SHA256
a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e

SHA512
06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1

Download Submit
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1

Filesize
8.0MB

MD5
a01c5ecd6108350ae23d2cddf0e77c17

SHA1
c6ac28a2cd979f1f9a75d56271821d5ff665e2b6

SHA256
345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42

SHA512
b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\db\data.safe.bin

Filesize
2KB

MD5
74e87612917df8d06728cc606e17f30f

SHA1
aa95bad34868122f1d260c8acdf2237f47e4384a

SHA256
dca73ffbbcba684c36c3d82e7b3c39767e1920c26d211d30f01c6a49eb2d27b1

SHA512
0df1c73c7bf7ed475641971045e335ace22f11600e7ae991b40d51b1279479c1ce1f15beeb4a21b5eb236de9f48f3a3454c78f37accf9a07c2d71f24d26d58ba

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\7c1eced0-670c-45c6-9964-9abdf0cae204

Filesize
10KB

MD5
e70cd5d134194e8028a365d69ed53c35

SHA1
d56a8078103921e9b03d0ca5e060382c05fc65ea

SHA256
0f1361aec489d24f44a7ef66e7ecc0f32ce74f5558b09b46746a35d20ddc255c

SHA512
2d01192089c4669cbc4ea57ca60601311e007da529eec98d47af3a79b44e0593d5649d419ddf96efec1464fc02161b93f30c3a82cac0ecbc1550d43f1398d00e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\datareporting\glean\pending_pings\956119be-0812-4168-9048-508805d32cd8

Filesize
746B

MD5
0d9ca306ccb0a3041ff994480274f0f6

SHA1
8f887594cdaedf36b5942de23e259980e335ae4e

SHA256
0f0c65634cae25daf28a728e4685455d2196e5453a5addad26d464d9edae10fc

SHA512
7dbf25ae657e3a13e977f229ec7e89c346f00e3572b5fc7ce298193d6ed9ec5b86a96eb53a2fc29d8e62d38b01fc47680e8791750c4d222773f71fb3b7feb156

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\downloads.json.tmp

Filesize
717B

MD5
85f853425df441a0f0090f7ac7a52fe3

SHA1
f6d943cf52fa3148b9abb4cf3eb9b9f1902ab4dc

SHA256
9ff8dd0febe52ee5224220585ea76aff53fd17cb84b3e6bc799da2e6833834cb

SHA512
ad7a5313b18423a02fd9f4c0d7ac3be05a1689b1e73cfa2623adbbc06176a4b0610b178b987943388659d3aaeef01458b8e0564a939662f08759c7c46c085844

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll

Filesize
997KB

MD5
fe3355639648c417e8307c6d051e3e37

SHA1
f54602d4b4778da21bc97c7238fc66aa68c8ee34

SHA256
1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e

SHA512
8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info

Filesize
116B

MD5
3d33cdc0b3d281e67dd52e14435dd04f

SHA1
4db88689282fd4f9e9e6ab95fcbb23df6e6485db

SHA256
f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b

SHA512
a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt

Filesize
479B

MD5
49ddb419d96dceb9069018535fb2e2fc

SHA1
62aa6fea895a8b68d468a015f6e6ab400d7a7ca6

SHA256
2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539

SHA512
48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json

Filesize
372B

MD5
8be33af717bb1b67fbd61c3f4b807e9e

SHA1
7cf17656d174d951957ff36810e874a134dd49e0

SHA256
e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd

SHA512
6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll

Filesize
11.8MB

MD5
33bf7b0439480effb9fb212efce87b13

SHA1
cee50f2745edc6dc291887b6075ca64d716f495a

SHA256
8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e

SHA512
d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib

Filesize
1KB

MD5
688bed3676d2104e7f17ae1cd2c59404

SHA1
952b2cdf783ac72fcb98338723e9afd38d47ad8e

SHA256
33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237

SHA512
7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig

Filesize
1KB

MD5
937326fead5fd401f6cca9118bd9ade9

SHA1
4526a57d4ae14ed29b37632c72aef3c408189d91

SHA256
68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81

SHA512
b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
6KB

MD5
4961e4d05f6de51bb41781ae5526203a

SHA1
944501220f289600ebe779e95fc583ad468643db

SHA256
52acc216ef6dd3cf06e712a304d04569e56bc6a3b51ba6cf24a39008e2552945

SHA512
aa39cceb29105913891c3c5bbd439cd637325ec5946b282fa7f86f8c1f03604d7c1c8ee8fec8f4c1e4e237fe48b303c994d50fd7c04ba40ccec63aff9991b3a1

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
9KB

MD5
6c6bed69099843025c7aa03cd33b3a80

SHA1
0610d47e17c9f09153ce9c33e705e6a382570659

SHA256
f4aa9f47ab8565dec032214c80012d125ed924665a476a342fc25ff9ddcdb9dd

SHA512
feea320540481123e62815862c9aaa8e62441d464912d8480b0014f2d06b27c823836a153106e945ef7ed7c9a784ba68f55bc8585068370ab480f98595f4aa20

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs-1.js

Filesize
7KB

MD5
738ace82a536d6a89542649ce617c92a

SHA1
39f07516d1478ce2ae43daae27ca6763a17bbe9f

SHA256
8fd6e049f949737bbb1535bace57704275393e2d5f462c6336fa67d80a5ad7d1

SHA512
3b15ab205f99cf716dd30043abe0712257cb0af1f674d8455263d03a52a19e7c71f57a79d4bcffdf98772ac532ec70af057606beae90eafa43d4e9ff0f836a12

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
437ba0c0afb8c5f4cfa5d679732e64d3

SHA1
56861a85c433eb704712d8543fd37d7712e5c101

SHA256
2d937e8099ecd774ac01dafa7000d1d756d3665572bdae6eed519ac0b5ed3a0e

SHA512
07ee5abe25f1e402b110fc01d41304651fe681e7a7d53648c7e8434a47ef44577558aaaf02a6144eb561504370ca5462ae59a5ff397960ce879a2a2fe19f1b18

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
ba1492ecce18570a49233a8174c92adc

SHA1
e34c0729c7023fd7b22ae62dab43510ed8bb20ec

SHA256
24b8146d49dc18865a7d0cb936560a2e2f1025a4060d99c2e8dc98ca02b4dff0

SHA512
f168d3ad3289b81b617ccf682ce85361a21b9ae2e71c9bef2cdb96b2b21cc4b73d08b9f2a2f5c5a8f5ecc88dd352a6b0bbcb2f525904b0bdda039e8c0d72bb89

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
c9e24d44efc9b9041fadaa421e0cc46e

SHA1
87186c88844dfaec9cfba7b16049304024d1a600

SHA256
68d5cf36394ca29e9e71c9a16fb31fc08b42c79180d2d858573389a5ff00bb31

SHA512
be36a56cde17c4c4084610e850413a0487c2c2c27be6054408988011f13c186d2de6084a3226dfee739e7051d97e4d7e325550ac51626ea3f65c84122b2c2e31

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\prefs.js

Filesize
6KB

MD5
325c4ee022c20255f4c20b869bef6f24

SHA1
c6f1c50ff05bcc13e3472bbabdbccb458573523c

SHA256
bb7c891f06b8654bb6ba6e38b57bc3e313e25257a74d52677115892ffd4ae3d6

SHA512
b9b5fb133e981700a35ebc75eb444053902fac4b18777ce61b704d943d7ef27a1d5eee505bc82e9e1ef125f19003cf5502d3414207fd226929d0e6c9b9be431f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
4146749a61cc3d95cb859cbe5f0a9ee4

SHA1
d0e50e9a0b6f30de25215f6d2ceb0db76bd589f0

SHA256
a7f88ed433fa10cd484fc31bf9899301adb9a9e5a8f1191b63a50dcad4a68b4d

SHA512
b9705f40dfd1210321e299bca38be7accccada4a13c43e57ad5eae429cdd358013726fcf01278113e130a4c0f6b0ac85621fdffc7aa7a3cc392564e364280ac4

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore-backups\recovery.jsonlz4

Filesize
38KB

MD5
8296ce5fa1b5a0fb3b4ad1f46413d496

SHA1
8519cb738f2dd13c72af7b0bcfd72fdd4434e330

SHA256
922a9c498d7d266180e757374c488f2839aefa0cf3ca0e6f0868423a22183bdd

SHA512
2a449730c5ace3babf4ff1299f7b1c07b6810f3c104af5a3649e85fd070c152b411a052cec1cad315f67f8c21b42a0dab1cbcd998a235dd9bcc9b453d71f7cfd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\sessionstore.jsonlz4

Filesize
38KB

MD5
abc8b77f9f3492b53830adbc6056bd3a

SHA1
39104090e931c4a5f20e5e06ee689c3715528854

SHA256
ed0b5bb44c4dfb7fad2d1594bcb572d412258caca38f1b810ae46ae3d68fef8d

SHA512
f0205419327afb4e6b20481e8d1188c0c9281bc2448f82e3b5b4bc018f7373bc3278512bd8ea3f07bc91c90ede05e5cdbc92dcf549b74380e4e74cf2ffa1807f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
7.7MB

MD5
eca0c00b24d54f57e5abf6b68b530f94

SHA1
02ad498a24562ad7c180f3bc2f3d70093bbb1bd8

SHA256
4c838da853141826ff60c3273035daff7805d6f893b284c219a8d76e3f7c3103

SHA512
6ee916dff84f668c97b8d52c8160c142f3b67023bd77d58ae1e69600b5e0c23fdb03a75815c22ab12c4b99eb0fdda22e866e69f2d979f42659a230a3d3c7f679

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wtg1s5j6.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite

Filesize
184KB

MD5
0d0013d9708d9fef539adc917f5b87f6

SHA1
5e071e6b4d8abf007c8bb78ee948caf5bb0439e1

SHA256
f416d29cdbaa66b7d04483831d2a593a735316fafb643414a12df78da0ab054b

SHA512
851e9965a0fed9e0f5195ce655635cf13687d18678e4a9df807ab22cbc53c02cd2006fd65d93cd80b2a06d709e59122ea9933ba5cec551c6d51f5e9b4c175388

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
8KB

MD5
7ac16d1108b91f3cc0d36c0325824f5d

SHA1
66580fe9770aca1ebf676dc796db6a7c0776d5ec

SHA256
de7dd965981dd353de5e0cd2d5d64647ae3a16f71e3d99db38450fc7876ed23b

SHA512
7dc7f5f904f14308ea1dbdf553ad8adc3db666f0ac93dbd1a309ed8732b53062335aa2aee870243c0179ca77ab671be81a48d4906554e17d36c3b76612f201f9

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini

Filesize
78B

MD5
1207deaa870951a75fb73890135f59f0

SHA1
e0f5ff616f305727c43012ad66a047cf505965d2

SHA256
a4caad8be86174dd5a175adfea992c22f4d912816fc124dcc1a4097bfe9868a1

SHA512
efebc52fbdc2d17552315a36a4cf02880bd15bf3a41f5f30a84028d2eee6ec4e93aa25d7bb5f9a0d6cee32f156a17de2a0453914bc30e808d218d8060f0f0239

Download Submit
C:\Users\Admin\AppData\Roaming\vlc\vlc-qt-interface.ini.lock

Filesize
18B

MD5
95b7a1958196ab0027e15e708886170a

SHA1
4475422852a2a5beb6b0db65f8017bd4d4aa8483

SHA256
ebcf893c57c7f1a37cf45cbfaac2ab390c6d54f096c157d1f07c5a8de341acc1

SHA512
4af34ea1bb8ad17292dadeae938a4e3547531516c99a58921590c5d7d47b4725b0b63def4f38ed938489981e6d7a98bfbacfafa03ecbe46e0e3fd0f55afc7037

Download Submit
C:\Users\Admin\Downloads\jellybox-setup.zDNC5U8x.exe.part

Filesize
337.0MB

MD5
a1a7542e4b1e056aa079cf42fb5af84c

SHA1
94a154a35592e5a65d7c93bd00a3a961eed69bbb

SHA256
7dad0344817de7344a1d03b93b07fccf1a6bb0237739d26a26a0196e25637942

SHA512
00d4175cc7b1ea0551351fd7e3646e1a2814c047fa6a82d8587ab2085026817ee0811f0a03dd089674a32c8a04b73bdc48001162b076d4db86abfc40063d0e21

Download Submit
\Users\Admin\AppData\Local\Temp\nszE3EB.tmp\NSISdl.dll

Filesize
15KB

MD5
ee68463fed225c5c98d800bdbd205598

SHA1
306364af624de3028e2078c4d8c234fa497bd723

SHA256
419485a096bc7d95f872ed1b9b7b5c537231183d710363beee4d235bb79dbe04

SHA512
b14fb74cb76b8f4e80fdd75b44adac3605883e2dcdb06b870811759d82fa2ec732cd63301f20a2168d7ad74510f62572818f90038f5116fe19c899eba68a5107

Download Submit
\Users\Admin\AppData\Local\Temp\nszE3EB.tmp\StartMenu.dll

Filesize
7KB

MD5
d070f3275df715bf3708beff2c6c307d

SHA1
93d3725801e07303e9727c4369e19fd139e69023

SHA256
42dd4dda3249a94e32e20f76eaffae784a5475ed00c60ef0197c8a2c1ccd2fb7

SHA512
fcaf625dac4684dad33d12e3a942b38489ecc90649eee885d823a932e70db63c1edb8614b9fa8904d1710e9b820e82c5a37aeb8403cf21cf1e3692f76438664d

Download Submit
\Users\Admin\AppData\Local\Temp\nszE3EB.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nszE3EB.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit
memory/2236-96-0x000001544FC00000-0x000001544FD00000-memory.dmp

Filesize
1024KB

Download
memory/2236-417-0x000001544F510000-0x000001544F520000-memory.dmp

Filesize
64KB

Download
memory/2236-426-0x000001544F510000-0x000001544F520000-memory.dmp

Filesize
64KB

Download
memory/2236-427-0x000001544F510000-0x000001544F520000-memory.dmp

Filesize
64KB

Download
memory/2236-177-0x00000154602B0000-0x00000154602D0000-memory.dmp

Filesize
128KB

Download
memory/2236-144-0x0000015460370000-0x0000015460390000-memory.dmp

Filesize
128KB

Download
memory/2236-138-0x0000015460080000-0x00000154600A0000-memory.dmp

Filesize
128KB

Download
memory/2236-420-0x000001544F510000-0x000001544F520000-memory.dmp

Filesize
64KB

Download
memory/2884-42-0x0000023B02C00000-0x0000023B02D00000-memory.dmp

Filesize
1024KB

Download
memory/4120-65-0x000001D7E88B0000-0x000001D7E88B2000-memory.dmp

Filesize
8KB

Download
memory/4120-55-0x000001D7D7DB0000-0x000001D7D7DB2000-memory.dmp

Filesize
8KB

Download
memory/4120-57-0x000001D7D7DD0000-0x000001D7D7DD2000-memory.dmp

Filesize
8KB

Download
memory/4120-59-0x000001D7D7DF0000-0x000001D7D7DF2000-memory.dmp

Filesize
8KB

Download
memory/4120-50-0x000001D7D81B0000-0x000001D7D82B0000-memory.dmp

Filesize
1024KB

Download
memory/4120-67-0x000001D7E88D0000-0x000001D7E88D2000-memory.dmp

Filesize
8KB

Download
memory/4120-61-0x000001D7D8010000-0x000001D7D8012000-memory.dmp

Filesize
8KB

Download
memory/4120-63-0x000001D7D8030000-0x000001D7D8032000-memory.dmp

Filesize
8KB

Download
memory/4552-395-0x00000161BABE0000-0x00000161BABE1000-memory.dmp

Filesize
4KB

Download
memory/4552-16-0x00000161B2120000-0x00000161B2130000-memory.dmp

Filesize
64KB

Download
memory/4552-35-0x00000161B11E0000-0x00000161B11E2000-memory.dmp

Filesize
8KB

Download
memory/4552-396-0x00000161BABF0000-0x00000161BABF1000-memory.dmp

Filesize
4KB

Download
memory/4552-0-0x00000161B2020000-0x00000161B2030000-memory.dmp

Filesize
64KB

Download