Analysis Overview
SHA256
582f3489d3b37997da671c29b225fd896b6b2547107bf8effbf5785087eedaff
Threat Level: Shows suspicious behavior
The file sample was found to be: Shows suspicious behavior.
Malicious Activity Summary
Legitimate hosting services abused for malware hosting/C2
Resource Forking
Drops file in Windows directory
Suspicious behavior: EnumeratesProcesses
Enumerates system info in registry
Suspicious use of WriteProcessMemory
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of FindShellTrayWindow
Suspicious use of SetWindowsHookEx
Uses Task Scheduler COM API
Modifies data under HKEY_USERS
Modifies Internet Explorer settings
Checks processor information in registry
Modifies registry class
Suspicious behavior: MapViewOfSection
Suspicious use of AdjustPrivilegeToken
Suspicious use of SendNotifyMessage
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-06-17 17:07
Signatures
Analysis: behavioral3
Detonation Overview
Submitted
2024-06-17 17:07
Reported
2024-06-17 17:37
Platform
win11-20240611-en
Max time kernel
1800s
Max time network
1702s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133631180413114877" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff721f3cb8,0x7fff721f3cc8,0x7fff721f3cd8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1980 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2076 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2748 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3168 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3192 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3904 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5084 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5236 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5596 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,5827285115212495980,15650356435904988716,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=5248 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x100,0x104,0x108,0xe8,0x10c,0x7fff6dbbab58,0x7fff6dbbab68,0x7fff6dbbab78
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1636 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2156 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2204 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3084 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3216 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4312 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4484 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4104 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4712 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4808 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4844 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=4784 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=UAAAAAAAAADoAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAACQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=3828 --field-trial-handle=1828,i,17877520649653766574,13532417516664695749,131072 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 71.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 203.107.17.2.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 142.250.187.196:443 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| GB | 142.250.187.206:443 | clients2.google.com | udp |
| GB | 142.250.187.206:443 | clients2.google.com | tcp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | tcp |
| JP | 35.213.86.143:443 | e2c33.gcp.gvt2.com | tcp |
| JP | 35.213.86.143:443 | e2c33.gcp.gvt2.com | tcp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | udp |
| GB | 34.105.225.79:443 | e2c15.gcp.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | tcp |
| US | 216.239.32.116:443 | beacons4.gvt2.com | udp |
| US | 192.178.49.195:443 | beacons.gvt2.com | tcp |
| US | 108.177.122.94:443 | beacons.gcp.gvt2.com | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
| US | 8.8.8.8:53 | 88.156.103.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 10.27.171.150.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 54.120.234.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a74887034b3a720c50e557d5b1c790bf |
| SHA1 | fb245478258648a65aa189b967590eef6fb167be |
| SHA256 | f25b27187fad2b82ac76fae98dfdddc1c04f4e8370d112d45c1dd17a8908c250 |
| SHA512 | 888c3fceb1a28a41c5449f5237ca27c7cbd057ce407f1542973478a31aa84ce9b77943130ca37551c31fa7cd737b9195b7374f886a969b39148a531530a91af3 |
\??\pipe\LOCAL\crashpad_4480_FHWUHXAATVRQDZEC
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 64f055a833e60505264595e7edbf62f6 |
| SHA1 | dad32ce325006c1d094b7c07550aca28a8dac890 |
| SHA256 | 7172dc46924936b8dcee2d0c39535d098c2dbf510402c5bbb269399aed4d4c99 |
| SHA512 | 86644776207d0904bc3293b4fec2fa724b8b3c9c3086cd0ef2696027ab3d840a8049b6bde3464c209e57ffa83cbc3df6115500fbe36a9acb222830c1aac4dc7a |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 3d4c3fe2274c4999325bdd4b7b18c43f |
| SHA1 | fc67e667ee82c7a72b73506c3e2851017ff11ccc |
| SHA256 | 6a0514e8467e0b03b053ea7af169d74087a7331bd550f9d20f0927ec4a32d906 |
| SHA512 | bdb5486d0b6c836ebc6cbc5a4211e664e4994a4fe02e6aae5a7b75dcc8f661b9c6d056e108eb2ac01943839e016e0c23e480a84d7c0ce93d57a4f2dc319ae0cd |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | b0fbfad010ca817bf289333db3e4dae7 |
| SHA1 | 322b6870a99da33f8e16c1e464262864228e5d51 |
| SHA256 | d2171dbdfe40d04e44f275a9b20a5b2f70e8d55710f8ca339ae6b93069267d75 |
| SHA512 | 48da09b7c33106d63711cbe8e6ead017e9077f2899e91f9582f72ea49755a25371af0493811f5d21088828ef0dc2431b803b236aadcc16b3475273538178a5fa |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | f587612ce404746bb0bb73c350e5e501 |
| SHA1 | 6c5c616dcf9b57dbffef8987988a9876a85d6135 |
| SHA256 | 36552328012cf59c8631dc3fbc532cf4cc33b24aa95804e052f581d4aacf5d1e |
| SHA512 | a390e57a944a82ef1d5b7bfcc5389626a1da2cdbab0e150e172a62e3f75792b52826c830ac5dc7bc406eec7a67f3fae976d9faec4986130043dc863ae4a4ca51 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
| MD5 | d751713988987e9331980363e24189ce |
| SHA1 | 97d170e1550eee4afc0af065b78cda302a97674c |
| SHA256 | 4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945 |
| SHA512 | b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
| MD5 | acaf93718fce2f11442d53364d471cc8 |
| SHA1 | c2c656ef1a5c18d1f171e89cd2da2800dd7b7960 |
| SHA256 | d36a0532e7769404c7f3ac06bc6ce9cc3699f39ded8e11a33c3a7346fe1403cc |
| SHA512 | c56da28ee35054734ddece54d82bf2b1abee6c250d7c51e126b874c58ceef9fc0e3dd62bc3d43b16a523778547d17c9c83fcccd951f297fab5e778ca50076192 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | f485fe315deb660982334ee5d4f4c03e |
| SHA1 | 4850742e8f7e45750d8f31a2c23c6aecd7909770 |
| SHA256 | ce339023d7d0fcb6f039238d5e5da589bb2c3a2d2235d80fd135c8ef07b6c900 |
| SHA512 | 1fffdda154501a18b759af93462bf383435d9ab533c6cc52ae61b839730931629a5830bed0c14145967a92601e7575df87de09464327e52c7c0af10f1fdce541 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 493c77e051c7b6c2018929a0f347cbf9 |
| SHA1 | c58c3b3d2b3b74046672a00cd7571fd448e4288b |
| SHA256 | 212b8a486dc7e63977bc7c11ef5be5c6d427aa2133844d738d14d89360a8a07a |
| SHA512 | 64d40b143f3d8cc1943764b539acb61f43af024393366129613ec8fd68d1e537356794d3d9fe75b5012cdc8102efd07e3f1d1af7a93fe024f5a7a0202d717f3c |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 2505937fac62f7b93c152c5aaaf45dbd |
| SHA1 | 8d42dd85d0a2bcca61fbb27018545d8afc889ff8 |
| SHA256 | 91123da617889aec17dae42eac424dc09a8572f681f55df002a9ac2903a0df1b |
| SHA512 | baddf6ae3b6450674d9e514c080262dbc7933fd726aed93b17a84784139a95bcffef3c3294b9b94e9df5927ddea8f6643362e4e9048715a41d269bf43399779e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences
| MD5 | a8687058bd58dfad3d6048a97c6ae5cf |
| SHA1 | 4079a1d15d4b5b0403938e3901162e90be09c055 |
| SHA256 | 3454a544af606cb545d74c0f03714c36a80764dd733d75d6bf59301b6b4e2922 |
| SHA512 | e73e5a1bb7dbaad38fe71722476e3521fa029f375be2204cd13a886b835d401ee35f69fec6bb660e209169d65aca42fb968bbca492791d6368a19de3e1b01cfd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | c3b3ed9bfeecbe5bf323d122c609422c |
| SHA1 | 282cb7ae063f6203bc619a369f2f6994a5543e2d |
| SHA256 | 1e16aca4615f090cb364c46baf6b69bc002aafd621d5b4893d0bbc807ce9a7b7 |
| SHA512 | 3335cc9dfa3ff285a7d8a7d042da9deca335fbd5d6cd7d73771d46e89c17991252dc2763f44720a3cd1a52263e7c9d6279e47fd53b34472971ae85210bcb924e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | d746f53728ee268fedb417d28588e09f |
| SHA1 | 7214cad330496d3c674a406fd580ff6c1f235c4e |
| SHA256 | 32273da6ac3d1af8f37e88f84c34e79850ead563da7382c0768452aedcbc578e |
| SHA512 | f8adf35f551d03bbc46eaf554d0e4d6570bc283c8831310bc1304faff9fba26c094b775514e48aa9052ac1d82e5d330f93581fc5346b44e9aa7063750a11fc93 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 543b67207ce60967f6218458a81a0294 |
| SHA1 | 739586521be6a77cf58be4298960a00390f7a0a2 |
| SHA256 | eb4734ed77968871cdb3e6a7f57ad582dbe4a91d54e2313024cf13b011eda83e |
| SHA512 | 3bcc783576b97e065fe7971e8a1d823e2ae616ce86de1fae22a5dd0d18ef8a470d8e11ab6b1b9a0292f2682646e810614fb366192b81864458fbf68ddd2b8c62 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
| MD5 | 0ccacb4fd69cb285bde733a6069b2af8 |
| SHA1 | 086f7122d90bb7c9d5c4e6a807d22113b261ec9f |
| SHA256 | e63b1b2be03e6d79deeecea705149bdf3cc466bdefe533f1cce93f580aa9b708 |
| SHA512 | 267ceb8cf877aa2bf9ab152c03080b6c82661cc66499f32ba3569d1c1bd0be6cd74bf4d64037cf77cf09a61e0a2a0777ec47eae89ebe8783bc0bc331db397bc3 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 12f34ef0d032287fe5476a63d71957f7 |
| SHA1 | a32d80d53ee21c95238208bf44427dd81a43bcf7 |
| SHA256 | c3c4333bb2065fa8451e267d10f04dba72713860339d6870e053e15d2a993737 |
| SHA512 | 929c48339093bd268c848a0100880772a498dad114bf861d84348f8010e119054a88001b28b825fb62b1730548cc3f68c12662c84fedc1ddfea9a74f9681bbfb |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 001f109027a57c27f9bfadbdce35b445 |
| SHA1 | 7d2c97ca59d4c3d95a11deb6f5334fd1514daff0 |
| SHA256 | add144e0722b2b9363a0cf10746af83cb0545cbd0ebaddeae1e0da1905d64f40 |
| SHA512 | 1a0563f9fd9f392bb4bd4fe9a68fe11c3111fec312d8b3dfb269803ae16cb5be26f98f675599314182dedd57d50dd4b19a31d7faf78e3ebd03d9e683c9ec173f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | 2e0b9545c45cbd52a640bc2a1eaeb1d1 |
| SHA1 | 57987957855ccf75aaf4017935c25bb4e924d56a |
| SHA256 | 1ce9262afc666338b8ff75b6790752a5aa34eb416b5cfae9953602b42e6ce975 |
| SHA512 | a98a9e6896513ce67a0a71b8bc6c50d415d2d19078e442a330bd141d68727acf03ec5e9aaac6c5260de46f583b5fc90704b6d53a919ccdbb8e68ed9d2ae2cca6 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 13088912a663a1766dbe4d2a96453a9b |
| SHA1 | 6738505be8437e20858db627071039b4838bee22 |
| SHA256 | 4d0bc71b73512cfcdfaa8486d78400df4b56bbe0d98e39f034739b30d8feadf6 |
| SHA512 | 0b3cc365462423f6ee802371e0898bfb0377cbfa3951d629294cf473db48ede09a5020a3e29b31e5563e1e3ac55a8c5ed41d9a4be5efba1ea30ce2e78bcfc45e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\3f644699-09a5-4c58-85a8-777d5fb9c725.tmp
| MD5 | 8116a9d583d4c4d757023e9c6eb6c3af |
| SHA1 | 929ef0f1d8b454cb73449247c421a070d0f3bce2 |
| SHA256 | bfb69c7f77735cad92026ab1f82da66fe8f293581ed23555f43af09c899250dd |
| SHA512 | 24f2aaa55ac011d27c0f745333ef5b1940519e4d8792ccca3e7c61f0a2ae25b65ecea7ba699318ff695a824c9f40ce3eff74f3ee70dd8ad166dd4175df09a8e5 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | afd8fa91b408f3bdeb6eca03e900690c |
| SHA1 | 24797f3a31e3c81adc25fc08361e837be171e278 |
| SHA256 | 8d25b37efdc8e5e568824fe64fd09f5620460608c2f8bf20e0ca792839234d6b |
| SHA512 | 894b0477bfc19781def49980856d7279c45f14b85ad2805f11349457b1e65d8263d1a1220240adbcddeb066b83720af0e75b102fdfac3ab53dcbdcd0d48e7041 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | 9a38c5e1371f3f0c5ba71acb5cd89e15 |
| SHA1 | e054d1d730a08b691a8f28d01267138935de847f |
| SHA256 | 0369d7e94bb5c46dfd0b24577a2440386fe12a4a485ff260f75802181f1d0aa5 |
| SHA512 | beec1eb477ca2955a07a935062aa198fb4b5c2eb265a4f7c4078d72c48d120d7679227e7288cc327fa102d37bae84737fddb7ec0639e985f78562e0b39f581a0 |
Analysis: behavioral4
Detonation Overview
Submitted
2024-06-17 17:07
Reported
2024-06-17 17:37
Platform
macos-20240611-en
Max time kernel
1379s
Max time network
1565s
Command Line
Signatures
Processes
/usr/libexec/xpcproxy
[xpcproxy com.apple.systemstats.daily]
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/sample.html]
/bin/zsh
[/bin/zsh -c /Users/run/sample.html]
/Users/run/sample.html
[/Users/run/sample.html]
/bin/sh
[sh /Users/run/sample.html]
/bin/bash
[sh /Users/run/sample.html]
/usr/bin/pluginkit
[/usr/bin/pluginkit -e ignore -i com.microsoft.OneDrive.FinderSync]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /var/folders/pq/yy2b5ptn4cz739jgclj4m1wm0000gp/T/OneDriveUpdaterBCBF2C69/OneDrive.app]
/usr/sbin/spctl
[/usr/sbin/spctl --assess --type execute /Applications/OneDrive.app]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveUpdaterDaemon]
/bin/launchctl
[/bin/launchctl kill SIGTERM system/com.microsoft.OneDriveStandaloneUpdaterDaemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.42.65.93:443 | tcp | |
| US | 8.8.8.8:53 | api.apple-cloudkit.fe2.apple-dns.net | udp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 52.168.117.170:443 | mobile.events.data.trafficmanager.net | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| GB | 17.57.146.12:5223 | tcp | |
| US | 8.8.8.8:53 | 43-courier.push.apple.com | udp |
| GB | 17.57.146.10:5223 | 43-courier.push.apple.com | tcp |
| GB | 17.57.146.7:5223 | 43-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
Analysis: behavioral5
Detonation Overview
Submitted
2024-06-17 17:07
Reported
2024-06-17 17:37
Platform
macos-20240611-en
Max time kernel
1379s
Max time network
1548s
Command Line
Signatures
Resource Forking
| Description | Indicator | Process | Target |
| N/A | /System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy | N/A | N/A |
Processes
/bin/sh
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/bin/bash
[sh -c sudo /bin/zsh -c "/Users/run/sample.html"]
/usr/bin/sudo
[sudo /bin/zsh -c /Users/run/sample.html]
/bin/zsh
[/bin/zsh -c /Users/run/sample.html]
/Users/run/sample.html
[/Users/run/sample.html]
/bin/sh
[sh /Users/run/sample.html]
/bin/bash
[sh /Users/run/sample.html]
/usr/libexec/xpcproxy
[xpcproxy com.apple.sysmond]
/usr/libexec/sysmond
[/usr/libexec/sysmond]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.systemsoundserverd]
/usr/sbin/systemsoundserverd
[/usr/sbin/systemsoundserverd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.pbs]
/System/Library/CoreServices/pbs
[/System/Library/CoreServices/pbs]
/usr/libexec/xpcproxy
[xpcproxy com.apple.audio.AudioComponentRegistrar]
/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar
[/System/Library/Frameworks/AudioToolbox.framework/AudioComponentRegistrar -daemon]
/usr/libexec/xpcproxy
[xpcproxy com.apple.security.cloudkeychainproxy3]
/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy
[/System/Library/Frameworks/Security.framework/Versions/A/Resources/CloudKeychainProxy.bundle/Contents/MacOS/CloudKeychainProxy]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.geod]
/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod
[/System/Library/PrivateFrameworks/GeoServices.framework/Versions/A/XPCServices/com.apple.geod.xpc/Contents/MacOS/com.apple.geod]
/usr/libexec/xpcproxy
[xpcproxy com.apple.secinitd]
/usr/libexec/secinitd
[/usr/libexec/secinitd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AddressBook.ContactsAccountsService]
/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService
[/System/Library/Frameworks/AddressBook.framework/Executables/ContactsAccountsService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.nehelper]
/usr/libexec/nehelper
[/usr/libexec/nehelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.routined]
/usr/libexec/routined
[/usr/libexec/routined LAUNCHED_BY_LAUNCHD]
/usr/libexec/xpcproxy
[xpcproxy com.apple.Maps.mapspushd]
/System/Library/CoreServices/mapspushd
[/System/Library/CoreServices/mapspushd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.neagent.878568F8-CCE5-4157-8315-22F20DC8FB0A]
/usr/libexec/neagent
[/usr/libexec/neagent]
/usr/libexec/xpcproxy
[xpcproxy com.apple.corespotlightservice.725FD30A-6064-6C02-CC51-5DDB8891B57E]
/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService
[/System/Library/Frameworks/CoreSpotlight.framework/CoreSpotlightService]
/usr/libexec/xpcproxy
[xpcproxy com.apple.akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.CoreAuthentication.agent]
/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd
[/System/Library/Frameworks/LocalAuthentication.framework/Support/coreauthd]
/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd
[/System/Library/PrivateFrameworks/AuthKit.framework/Versions/A/Support/akd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.AccountPolicyHelper]
/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper
[/System/Library/PrivateFrameworks/AccountPolicy.framework/XPCServices/com.apple.AccountPolicyHelper.xpc/Contents/MacOS/com.apple.AccountPolicyHelper]
/usr/libexec/xpcproxy
[xpcproxy com.apple.spindump]
/usr/sbin/spindump
[/usr/sbin/spindump]
/usr/libexec/xpcproxy
[xpcproxy com.apple.diagnosticd]
/usr/libexec/diagnosticd
[/usr/libexec/diagnosticd]
/usr/libexec/xpcproxy
[xpcproxy com.apple.newsyslog]
/usr/sbin/newsyslog
[/usr/sbin/newsyslog]
Network
| Country | Destination | Domain | Proto |
| GB | 51.132.193.104:443 | tcp | |
| GB | 17.250.81.67:443 | tcp | |
| US | 8.8.8.8:53 | mobile.events.data.trafficmanager.net | udp |
| US | 20.189.173.17:443 | tcp | |
| IE | 20.50.73.9:443 | mobile.events.data.trafficmanager.net | tcp |
| US | 8.8.8.8:53 | h3.apis.apple.map.fastly.net | udp |
| US | 8.8.8.8:53 | gspe1-ssl.ls.apple.com.edgesuite.net | udp |
| US | 8.8.8.8:53 | e4686.dsce9.akamaiedge.net | udp |
| GB | 104.77.118.121:443 | tcp | |
| US | 8.8.8.8:53 | a479.dscg4.akamai.net | udp |
| GB | 23.200.147.24:443 | gspe1-ssl.ls.apple.com.edgesuite.net | tcp |
| GB | 17.253.77.202:80 | valid.apple.com | tcp |
| US | 8.8.8.8:53 | cds.apple.com | udp |
| BE | 104.68.86.71:443 | cds.apple.com | tcp |
| US | 8.8.8.8:53 | help.apple.com | udp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| GB | 2.21.189.171:443 | help.apple.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| GB | 17.57.146.7:5223 | tcp | |
| US | 8.8.8.8:53 | 23-courier.push.apple.com | udp |
| GB | 17.57.146.10:5223 | 23-courier.push.apple.com | tcp |
| US | 8.8.8.8:53 | lb._dns-sd._udp.0.0.127.10.in-addr.arpa | udp |
Files
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsObject.db
| MD5 | d3a1859e6ec593505cc882e6def48fc8 |
| SHA1 | f8e6728e3e9de477a75706faa95cead9ce13cb32 |
| SHA256 | 3ebafa97782204a4a1d75cfec22e15fcdeab45b65bab3b3e65508707e034a16c |
| SHA512 | ea2a749b105759ea33408186b417359deffb4a3a5ed0533cb26b459c16bb3524d67ede5c9cf0d5098921c0c0a9313fb9c2672f1e5ba48810eda548fa3209e818 |
/var/folders/zz/zyxvpxvq6csfxvn_n00000sm00006d/C//mds/mdsDirectory.db
| MD5 | 0e4a0d1ceb2af6f0f8d0167ce77be2d3 |
| SHA1 | 414ba4c1dc5fc8bf53d550e296fd6f5ad669918c |
| SHA256 | cca093bcfc65e25dd77c849866e110df72526dffbe29d76e11e29c7d888a4030 |
| SHA512 | 1dc5282d27c49a4b6f921ba5dfc88b8c1d32289df00dd866f9ac6669a5a8d99afeda614bffc7cf61a44375ae73e09cd52606b443b63636977c9cd2ef4fa68a20 |
/Library/Preferences/com.apple.networkextension.uuidcache.plist
| MD5 | 95d1f6a479ea836bed553646ebef85c1 |
| SHA1 | 19da469018294e373c788d888e5c55e0bb18695e |
| SHA256 | fc78047a7293b7fba3abe949497f397804f86e2ff04c29c4a549df60aa877aa2 |
| SHA512 | 3f9b8aa7efc6cbbcf6672e0d08a630178c653894d800e9125ed18774de105bc564b097120e98b5711cec5d05d95b41fe822019bc10038055eabf341b0c12845d |
/Users/run/Library/Caches/GeoServices/Resources/altitude-1285.xml
| MD5 | 9a43af57707d2fb460832049d1f217d1 |
| SHA1 | 056d813f8cb5198ca82072f7e3484f38ea5267f8 |
| SHA256 | 7224f8828694ed74a8353567e4d84da188d15a993a4a75938f8409cb49218e7c |
| SHA512 | 1f33175f5d0958c79540a627552f71c6960b6ff19c9b2b0aa604c00bfeff216f6ea2ec3a22ef91ad8d7249597fdf5ad49ddbf5f4aef71b397e785152474954d7 |
/Users/run/Library/Caches/GeoServices/ActiveTileGroup.pbd
| MD5 | 1c2ed2c9c3263add238ee68b17022785 |
| SHA1 | 3ffc3aa34c709ca37a58fd8423d00d1dfae14999 |
| SHA256 | 5dbb34de5f4cabb1a4e561d8de1550be857e44a4ebd52d7a56d5540330a20bc2 |
| SHA512 | 95570fd45c5390151bcd292b9aee4af2da648677c7c30b5285b4c52b94d583743b96b333448cb490aea7c6961d9a33a2eddda97977cc341e7040d45779a3b3d3 |
Analysis: behavioral6
Detonation Overview
Submitted
2024-06-17 17:07
Reported
2024-06-17 17:07
Platform
ubuntu2404-amd64-20240523-en
Command Line
Signatures
Processes
Network
Files
Analysis: behavioral1
Detonation Overview
Submitted
2024-06-17 17:07
Reported
2024-06-17 17:37
Platform
win10-20240404-en
Max time kernel
1800s
Max time network
1593s
Command Line
Signatures
Legitimate hosting services abused for malware hosting/C2
| Description | Indicator | Process | Target |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
| N/A | discord.com | N/A | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| File opened for modification | C:\Windows\Debug\ESE.TXT | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| File created | C:\Windows\rescache\_merged\3720402701\1568373884.pri | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\system32\browser_broker.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000\Software\Microsoft\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\CIStatus\CIPolicyState = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Explorer\Main | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CacheLimit = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\MrtCache | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DomainSuggestion\FileNames\en-US = "en-US.1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\EnablementState = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History\CachePrefix = "Visited:" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\HistoryJournalCertificate\Certificates | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus\ACGPolicyState = "8" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\FileVersion = "2016061511" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DummyPath\dummySetting = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Main\DisallowDefaultBrowserPrompt = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$Telligent | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\Active = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\DataStore\LastCleanup = 955ad1e3d8c0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\ACGStatus | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active\{F6895895-ED2F-4B32-ACCD-93210E0AFA2A} = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VendorId = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Wow64-VersionHigh = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\CIStatus\CIStatusTimestamp = b7248bfad8c0da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Root\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\LowMic | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Protected - It is a violation of Windows Policy to modif | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\GPU\Revision = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings\Cache\History | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\BrowserEmulation\CVListXMLVersionHigh = "268435456" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$http://www.typepad.com/ | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\trust | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\ExtensionsStore\datastore | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\SyncIEFirstTimeFullScan = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Internet Settings\PrivacyAdvanced = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory\NextBrowserDataLogTime = 504f09450bc1da01 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\PendingRecovery\ReadingStorePending = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\006\CIStatus\SignaturePolicy = 06000000 | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CachePrefix | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Explorer\Main\OperationalData = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\OnlineHistory | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FlipAhead\Meta\generator$WordPress | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\FavOrder\TreeView = "1" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\004\Internet Settings | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\121\Internet Settings\Cache\Content\CacheLimit = "256000" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Recovery\Active | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4106386276-4127174233-3637007343-1000_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\MicrosoftEdge\Rating\Rating Prompt Shown = "0" | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
Suspicious behavior: MapViewOfSection
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe | N/A |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Windows\system32\LaunchWinApp.exe
"C:\Windows\system32\LaunchWinApp.exe" "C:\Users\Admin\AppData\Local\Temp\sample.html"
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe" -ServerName:MicrosoftEdge.AppXdnhjhccw3zf0j06tkg3jtqr00qdm0khc.mca
C:\Windows\system32\browser_broker.exe
C:\Windows\system32\browser_broker.exe -Embedding
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.0.1723812018\1703343625" -parentBuildID 20221007134813 -prefsHandle 1744 -prefMapHandle 1720 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {e94c1e50-7848-49b8-bf44-d1b46e423334} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 1824 200796cdb58 gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.1.196386737\1860714534" -parentBuildID 20221007134813 -prefsHandle 2152 -prefMapHandle 2148 -prefsLen 20828 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {436f414f-a1da-42cd-b871-4779b3703b51} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 2176 20079603858 socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.2.1280862579\1966553812" -childID 1 -isForBrowser -prefsHandle 2684 -prefMapHandle 3012 -prefsLen 20931 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {3e623182-6067-4bfb-aa29-fa62893e46ea} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 3060 2007d99c158 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.3.1599857628\681758064" -childID 2 -isForBrowser -prefsHandle 3544 -prefMapHandle 3536 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {9e367147-210b-4bd1-a908-77bb4a645179} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 3556 2006e662558 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.4.1273364104\312970622" -childID 3 -isForBrowser -prefsHandle 3796 -prefMapHandle 3788 -prefsLen 26109 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {611cc677-0170-4270-a524-0654bca678ad} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 3804 2007ecb1b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.5.731650688\1205902887" -childID 4 -isForBrowser -prefsHandle 4912 -prefMapHandle 4908 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {7194111f-9dac-486e-b862-fff31d23e9a2} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 4920 2006e630258 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.6.888787383\1963514278" -childID 5 -isForBrowser -prefsHandle 4956 -prefMapHandle 4960 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4b624524-5f84-43f2-84e2-4d930290c824} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 4948 2007d93ae58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.7.780292172\404716856" -childID 6 -isForBrowser -prefsHandle 5136 -prefMapHandle 5140 -prefsLen 26168 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {41015e5f-056c-477b-b1a7-8cd486b27f30} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 5124 2007f2f3e58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.8.1929658916\1868065081" -childID 7 -isForBrowser -prefsHandle 5628 -prefMapHandle 5464 -prefsLen 26424 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {cb2ad766-07b8-4e4c-8e53-c369b390ca25} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 4600 200815ebb58 tab
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
"C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe" -ServerName:ContentProcess.AppX6z3cwk4fvgady6zya12j1cw28d228a7k.mca
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.9.1470584567\1927313733" -childID 8 -isForBrowser -prefsHandle 2656 -prefMapHandle 4924 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {4643bdb3-133b-4b4b-ad53-009c83391802} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 3744 20079982058 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.10.124600157\5859890" -parentBuildID 20221007134813 -prefsHandle 5156 -prefMapHandle 3840 -prefsLen 27477 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {edd3edeb-3c8c-4154-8c54-88ef70c76714} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 2676 200817a9b58 rdd
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.11.1198221605\1825195414" -childID 9 -isForBrowser -prefsHandle 6020 -prefMapHandle 5168 -prefsLen 27477 -prefMapSize 233444 -jsInitHandle 1292 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -appDir "C:\Program Files\Mozilla Firefox\browser" - {32aadf7e-ccfb-4166-82f9-6ebd7f36391b} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 5060 20081b66b58 tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3524.12.137240292\255790609" -parentBuildID 20221007134813 -sandboxingKind 1 -prefsHandle 6124 -prefMapHandle 6188 -prefsLen 27477 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {5bacbda2-248b-4d54-a0c9-5d7faca8124f} 3524 "\\.\pipe\gecko-crash-server-pipe.3524" 6196 20082b21d58 utility
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | content-signature-2.cdn.mozilla.net | udp |
| US | 8.8.8.8:53 | shavar.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | tcp |
| US | 34.160.144.191:443 | content-signature-2.cdn.mozilla.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | push.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 52.33.96.36:443 | shavar.prod.mozaws.net | tcp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | prod.content-signature-chains.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | shavar.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | firefox.settings.services.mozilla.com | udp |
| US | 34.149.100.209:443 | firefox.settings.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 8.8.8.8:53 | autopush.prod.mozaws.net | udp |
| US | 8.8.8.8:53 | prod.remote-settings.prod.webservices.mozgcp.net | udp |
| US | 34.107.243.93:443 | autopush.prod.mozaws.net | tcp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| N/A | 127.0.0.1:49845 | tcp | |
| US | 8.8.8.8:53 | 166.188.117.34.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 36.96.33.52.in-addr.arpa | udp |
| N/A | 127.0.0.1:49852 | tcp | |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | tcp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | 196.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.201.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 195.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | tcp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 46.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 161.19.199.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.214.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | tcp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| US | 8.8.8.8:53 | consent.google.com | udp |
| GB | 142.250.187.238:443 | consent.google.com | udp |
| US | 8.8.8.8:53 | 238.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.213.3:443 | id.google.com | tcp |
| US | 8.8.8.8:53 | id.google.com | udp |
| US | 8.8.8.8:53 | id.google.com | udp |
| GB | 216.58.213.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | 3.213.58.216.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | tcp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn2.gstatic.com | udp |
| GB | 142.250.178.14:443 | encrypted-tbn0.gstatic.com | udp |
| GB | 142.250.180.14:443 | encrypted-tbn2.gstatic.com | udp |
| US | 8.8.8.8:53 | 14.178.250.142.in-addr.arpa | udp |
| US | 204.79.197.200:443 | ieonline.microsoft.com | tcp |
| US | 8.8.8.8:53 | 164.189.21.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | www.microsoft.com | udp |
| BE | 2.17.107.121:443 | www.bing.com | tcp |
| BE | 2.17.107.121:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 218.217.19.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 121.107.17.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 144.107.17.2.in-addr.arpa | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | 66.112.168.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | prod.balrog.prod.cloudops.mozgcp.net | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | 201.181.244.35.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ciscobinary.openh264.org | udp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| NL | 2.18.121.79:80 | a19.dscg10.akamai.net | tcp |
| US | 8.8.8.8:53 | a19.dscg10.akamai.net | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | tcp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | redirector.gvt1.com | udp |
| GB | 142.250.187.206:443 | redirector.gvt1.com | udp |
| US | 8.8.8.8:53 | r1---sn-aigl6ney.gvt1.com | udp |
| GB | 173.194.183.166:443 | r1---sn-aigl6ney.gvt1.com | tcp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | 79.121.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 166.183.194.173.in-addr.arpa | udp |
| GB | 173.194.183.166:443 | r1.sn-aigl6ney.gvt1.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| GB | 142.250.187.196:443 | www.google.com | udp |
| US | 8.8.8.8:53 | www.google.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| US | 8.8.8.8:53 | encrypted-tbn0.gstatic.com | udp |
| GB | 216.58.213.3:443 | id.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| US | 8.8.8.8:53 | play.google.com | udp |
| GB | 172.217.169.46:443 | play.google.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 162.159.138.232:443 | discord.com | tcp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | 232.138.159.162.in-addr.arpa | udp |
| US | 162.159.138.232:443 | discord.com | udp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | tcp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | tcp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | tcp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | tcp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | tcp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | tcp |
| US | 18.239.190.77:443 | d3e54v103j8qbb.cloudfront.net | tcp |
| US | 8.8.8.8:53 | global.localizecdn.com | udp |
| US | 8.8.8.8:53 | cdn.prod.website-files.com | udp |
| US | 8.8.8.8:53 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 8.8.8.8:53 | d3e54v103j8qbb.cloudfront.net | udp |
| US | 104.18.5.175:443 | global.localizecdn.com | udp |
| US | 172.64.153.29:443 | cdn.prod.website-files.com | udp |
| GB | 142.250.179.234:443 | ajax.googleapis.com | udp |
| US | 8.8.8.8:53 | assets.website-files.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 18.239.208.114:443 | assets.website-files.com | tcp |
| US | 18.239.208.114:443 | assets.website-files.com | tcp |
| US | 18.239.208.114:443 | assets.website-files.com | tcp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| US | 18.239.208.114:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 18.239.208.114:443 | d1r5qv5z4elg7c.cloudfront.net | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 162.159.134.233:443 | cdn.discordapp.com | tcp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | d1r5qv5z4elg7c.cloudfront.net | udp |
| US | 8.8.8.8:53 | 175.5.18.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 29.153.64.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 234.179.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 77.190.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 114.208.239.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 233.134.159.162.in-addr.arpa | udp |
| US | 162.159.134.233:443 | cdn.discordapp.com | udp |
| US | 8.8.8.8:53 | www.youtube.com | udp |
| GB | 142.250.178.14:443 | www.youtube.com | tcp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | youtube-ui.l.google.com | udp |
| GB | 142.250.178.14:443 | youtube-ui.l.google.com | udp |
| US | 8.8.8.8:53 | discord.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 104.18.32.137:443 | geolocation.onetrust.com | tcp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | geolocation.onetrust.com | udp |
| US | 8.8.8.8:53 | 137.32.18.104.in-addr.arpa | udp |
| US | 34.149.100.209:443 | prod.remote-settings.prod.webservices.mozgcp.net | tcp |
| US | 8.8.8.8:53 | aus5.mozilla.org | udp |
| US | 35.244.181.201:443 | aus5.mozilla.org | tcp |
| US | 8.8.8.8:53 | prod.balrog.prod.cloudops.mozgcp.net | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | tcp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | 216.72.190.35.in-addr.arpa | udp |
| US | 35.190.72.216:443 | location.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
| US | 34.117.188.166:443 | contile.services.mozilla.com | udp |
| US | 8.8.8.8:53 | contile.services.mozilla.com | udp |
Files
memory/4660-0-0x000002A0BF420000-0x000002A0BF430000-memory.dmp
memory/4660-16-0x000002A0BF520000-0x000002A0BF530000-memory.dmp
memory/4660-35-0x000002A0BE680000-0x000002A0BE682000-memory.dmp
memory/3064-45-0x0000029168CC0000-0x0000029168DC0000-memory.dmp
memory/3064-47-0x0000029168CC0000-0x0000029168DC0000-memory.dmp
memory/3064-46-0x0000029168CC0000-0x0000029168DC0000-memory.dmp
memory/2584-51-0x000001E66B530000-0x000001E66B630000-memory.dmp
memory/2584-50-0x000001E66B530000-0x000001E66B630000-memory.dmp
memory/2584-55-0x000001E66B240000-0x000001E66B260000-memory.dmp
memory/2584-62-0x000001E67C280000-0x000001E67C282000-memory.dmp
memory/2584-60-0x000001E67C260000-0x000001E67C262000-memory.dmp
memory/2584-66-0x000001E67C2C0000-0x000001E67C2C2000-memory.dmp
memory/2584-64-0x000001E67C2A0000-0x000001E67C2A2000-memory.dmp
memory/2584-58-0x000001E67C230000-0x000001E67C232000-memory.dmp
memory/2584-56-0x000001E67C210000-0x000001E67C212000-memory.dmp
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\62c8659f-6589-4650-aae7-f3e1aba91b60
| MD5 | 53b6a6e46152d3e1ebc4e1bb5c7571e6 |
| SHA1 | 180d7e6553aa938c1e1cb34809582ff86966fb87 |
| SHA256 | cff13b6b91bf69932f7e4e98bf349d69b3e94a2b30943fadd46756cda82d639b |
| SHA512 | 2e820c44db3736708d4f6403554645f6196c81edc19e37574dc6d5a81a656e49a87d9de79e81104cfeea4290b140e24ac86fe86237497d189845570a8f1e1935 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\d523aa07-e0d3-4b2f-aad5-ec8e02a430df
| MD5 | dd78950cb191e16c71ee16b56324b6b1 |
| SHA1 | 45624d4fc37ec1ec1dd0bbd7b366641e0809ce60 |
| SHA256 | f2de9641acb5b325fe4214f3814577db92ab542cd7acdcc30544bcea69f89bb3 |
| SHA512 | 60c8931d71366c2535de31ddc9c8db545bd0a74f5a6d2abbe82c232f108b93835664b3501549ced73cbed329d60d5d365a488811a31d4a2a7d91f40a33ddb771 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\db\data.safe.bin
| MD5 | f3361e4c739d285c0658214a919efe06 |
| SHA1 | 17f652b65622bbcf57ac83be47d68815a9580194 |
| SHA256 | 7cf0e6eec0d21405f6a54aa96772c20270894b168cb747213b7e2c3e3e7ece05 |
| SHA512 | d177430980aa7210b0051fbc5be576e5a4e8509a5f4e10849c7ba84b94a811001ba971b1b1df555733c01406c42d7c3391fcfe216edd24419d5bfcbb44aeece2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | e7d901ad03d22078f4c42ecc83c3bd45 |
| SHA1 | 13ffe2ced2026e6b99c39a96d006c7832a72ba17 |
| SHA256 | fddee54013f830a84e74dce5679f6e4c3c71b4c5c51ecdf58bcef7e27eba4f17 |
| SHA512 | 8e7373116183db845f03c74e28effbe85b53c6c109f0a1a867fc4daa2944c099846644c5b6ecfa6408091d097a08b3f1b8cedcbeffbdcfaa14147f6b76663ec9 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 2a7264dd361b4bcbb2f282a89c8d3089 |
| SHA1 | a0e24e8545f3d8396d0568df9cc17d3278618a31 |
| SHA256 | 3da1b4e20cade98a11ed2f5aa7e88f6326a10ddc1b36a95c15fc92be9b10d9b5 |
| SHA512 | d41b618841be1c0ad2f8fe3d3bc6452659cb9d8b99ca83bbac68933877b1a36ba1d30b468f05562ac57c80cc1bad9fd1d38eb83bacdabe2f368688e2a224b9c3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e6453c2b010c560985827704311a0110 |
| SHA1 | adf6e585a5ce1a91aafb3018d737e9c46f97f039 |
| SHA256 | 63287f4d06848c44884fe37b70d4f67a7ea9bb05454cf661d52b62e3f3dc2eb8 |
| SHA512 | 6acb8e44c21b6bb5fc84aaa5bf76d436ca3a07bcbad248e69d054a85e29e458f59d8f30450f878209e9ee5b9ee521b52b1fac3ebf13c9af71e84b1efb7400db8 |
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\VSH5XF98\edgecompatviewlist[1].xml
| MD5 | d4fc49dc14f63895d997fa4940f24378 |
| SHA1 | 3efb1437a7c5e46034147cbbc8db017c69d02c31 |
| SHA256 | 853d2f4eb81c9fdcea2ee079f6faf98214b111b77cdf68709b38989d123890f1 |
| SHA512 | cc60d79b4afe5007634ac21dc4bc92081880be4c0d798a1735b63b27e936c02f399964f744dc73711987f01e8a1064b02a4867dd6cac27538e5fbe275cc61e0a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 380c2c93c981e48053844996b28e1d38 |
| SHA1 | ad5bf213b9022edf2d8b3103b54744f0dd12bc29 |
| SHA256 | b01b1eae697b208ee93528daa302994d6c28ee14e1bdaa17eb8f0b47932e4dde |
| SHA512 | a1f518eac5405045956fa269e2ad04c1b9e0dd1d672c0207c4eddf746cbb1448cc84f9ece405b10dbc65f01dcae6256479954f5d3282b9664a66988c251cd9ec |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 39f6a07857ce22a883c37c7a4329608f |
| SHA1 | 6f2d0444a6f904a082479ba5717bd7596ce17fac |
| SHA256 | 80d467163d7fc471c5c9bede4eb7cb3be24c6ec172352aff55dc2b90057c93e8 |
| SHA512 | aafe9b7c0fb55d2ca90691b60610bcba572cf9f967fa5aefa2c05119f1b2283064ad2d09fc3d452c29c873258a0966d0461948c389fbaba5010cf57b6f5fe42f |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 41c93d385062990d2d44612009ea0bfe |
| SHA1 | cb88b632f7c69b8081e6d61c7a44780d160d9743 |
| SHA256 | aae9eaf376bad239310e8e49b1596a0c7ba3227a25183275a1bd6d0ba7cbbb27 |
| SHA512 | 8f5f026d5b2c6f2286978e44dd94f04ca7a548a0b59128e04385cab9195cb8d3fbc705e6d6ba591ddb17b4275b2c3f0aa095020b0b769b1f5fd47b105074f3a3 |
memory/4660-386-0x000002A0C61C0000-0x000002A0C61C1000-memory.dmp
memory/4660-387-0x000002A0C61D0000-0x000002A0C61D1000-memory.dmp
C:\Users\Admin\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\MicrosoftEdge\Cache\RWTB4C9B\suggestions[1].en-US
| MD5 | 5a34cb996293fde2cb7a4ac89587393a |
| SHA1 | 3c96c993500690d1a77873cd62bc639b3a10653f |
| SHA256 | c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad |
| SHA512 | e1b7d0107733f81937415104e70f68b1be6fd0ca65dccf4ff72637943d44278d3a77f704aedff59d2dbc0d56a609b2590c8ec0dd6bc48ab30f1dad0c07a0a3ee |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\6440C0B35A4A68EC0CB1C1C79C6E06D909B352BB
| MD5 | 6d94836e18326e7612ac5e481afcc03e |
| SHA1 | 2bdd68ca1690ddadd0e914f3fe80ede454351734 |
| SHA256 | a16333aece03b691c1ada8debf56856847059f12602da6f122636428be90ea9c |
| SHA512 | a740222ba79a5ddaa63f0a272c2ab1dccf68f5ceb6f467ac508b6e2bc75e3b58d887197bb52c486b5cc66d50b39cc29e3f19314fe5e2982ab5c7d48adc59cd60 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | d9236fb271c767c97e22b50e67bdca33 |
| SHA1 | a9ba1c7836a67d6bf28f95c613f45d64e70bc7b6 |
| SHA256 | ad493161bc341eb20ea95b82cdba397608b3d3c4fc78b3b049d679dfaf8c1abf |
| SHA512 | e0195ed88a02842b2665960f249d5a15d5886a351764e83f6bfa3fdac4696e3c4c38646d84831ffa925a518489b636fa67a0bfb32c705400b627ec35c63fe410 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 6b246b18957a504914c329b2bbc4fa57 |
| SHA1 | b25ca4ba0b30ba41cb9102e179cc16825be37b7c |
| SHA256 | 98c7f4764690ea0a1ba31d148b9b36254d8b9b07e90286f23672be2b9bedfee7 |
| SHA512 | fb902e5a640baa281e8fc325a32f61bfd6a6731ad56ae72665eef21115622df72e94f48fb391eda45450944589fc9bcf789399bf3e4379335930b086e4bb07ff |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\C2B343293D74C0911676101D4B50A617EB32532F
| MD5 | 152f99d8c5a8bdd6417157bb951c425d |
| SHA1 | 9b3037454a18aa9c5003d0eb9a19072ab4b39afd |
| SHA256 | 476627c00673f188ecd21917070dec9d73a931f74efe9fcd02ce3066f673a845 |
| SHA512 | 1cfe7b108f030ac319fdb6886a3e2b09d7554f051b1cbf83629d63c643815071ebce88b2da823e958f42d92fecca3d68e6ab55da6a96f96f1269eaa4bc3e573f |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\4820
| MD5 | 4f75b4df673ace222282bc7904c37b7b |
| SHA1 | 8e5a6bb281c7452d7b9d1612be0b0034a5e774e1 |
| SHA256 | f70a848260301bdbbb322b4b9601ea1593d6113263e3a1bdd7fd2776f1c09236 |
| SHA512 | db6021e626c5ee91f411cc6e6b563a4ed02c54e3bb7bb3923766f05af88fe6cdbdc27ae439d10952adce1d4b0c695739490fe7719ea156a6c7c83648959d33c5 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | e6a1ef69cbbada7673121a2848d2c122 |
| SHA1 | d157b508a5580e17e51b57a5c86e2038b1e8c56f |
| SHA256 | 508e9214793d72c1bb03aa4755de13f287394557caa8956f5ffc42551744351e |
| SHA512 | c53d7c4b33d3e28d4b58f5ac01b0e5b88fd3e4e45df3d9e2a380ff28dd5732e835c03d29f5f3c8a6ce66b7f005c390de306b1f2afebf3f001b089ef53dd24403 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\7338878D1F09ABE854F9F571958E0BF592D87734
| MD5 | a8dd5077325f9825248c7956fee06165 |
| SHA1 | f18b43e9c1b951ce84a3f21a95d58c1a8530f1f0 |
| SHA256 | 74f39f2f701ce0f04366ea5aa6dd3db00ca7b6001dfee48a17717d669726ae9c |
| SHA512 | 2cd887606cd658325fcaf6abf954d3a339930d72c02d638dc9635aa42d1154efdcd0921b20e5754cd82e7d97c612b43d27b477c29c9ca0a237fa037c9f9b13ed |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\69854F481DCFDDCA13D33E9CC88CC43C0D38B749
| MD5 | be57a3334894a52ab6becc81f6f9314b |
| SHA1 | 2c09c3563d1ed26992518c88850b666be18dfa04 |
| SHA256 | 757ce700906f5061c8dac393f0966f1d116eb60ada9cb27336e186d91572976b |
| SHA512 | 49c4d96141904a044f23e3e01422a737889c3c9ff3bbc030ab1778fa7448f1209a44adb47a7c315d508196b994ceb71123695ace0b6d01b21648f15a94e8e19d |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\220586DF253C7A64A7E43D70AC5709BC8653383B
| MD5 | 140ad362c1039668e24895e0a731f3ae |
| SHA1 | d10efde007e704ee41114ce2ef00c2cdabc5e314 |
| SHA256 | 226678640a9811f4af30098ecfb62eaa92d0028721501d0ef1fbbee0cf06a5c7 |
| SHA512 | 1527a5779d5182a9ad0037b9b7ee9b0d90f47fbccceedc36f04147f363dd4579a316c51cfdf1f21a7bedb7cabadb93aa78f6851cd56497af6b2b82c6620e47c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 1ca5ed4c2577ac8c6d534d8b334be2e1 |
| SHA1 | 5a47ef14466c5cae9f5055bac92eedf8664497b0 |
| SHA256 | eb154b2959adbf5d70c196c814c73d8b67b5d6bbce25e6774ef0536c65b8d632 |
| SHA512 | 2d4804164720bca1b5333b6603d99a81e4d616080ff5f05b0c9b40a51650a327997bba649bbb446cf29b62dbb5f6051ad480a4b7e629412f9c58ba53948037a5 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\jumpListCache\0WwvO3eo0lK2fSi8UlDI+g==.ico
| MD5 | 42ed60b3ba4df36716ca7633794b1735 |
| SHA1 | c33aa40eed3608369e964e22c935d640e38aa768 |
| SHA256 | 6574e6e55f56eca704a090bf08d0d4175a93a5353ea08f8722f7c985a39a52c8 |
| SHA512 | 4247460a97a43ce20d536fdd11d534b450b075c3c28cd69fc00c48bdf7de1507edb99bef811d4c61bed10f64e4c788ee4bdc58c7c72d3bd160b9b4bd696e3013 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 94bf3d7cd881e75240791dfa5eb9d860 |
| SHA1 | 4a44dcf36f834b776c1efc77b6bbc50167e52d29 |
| SHA256 | d2274b0e71b0322485781014c88e6c25d45fbdb09dd3fe233619157237625c0c |
| SHA512 | 6122bf4671be53efa685a19dd7b1f3237545bc8a72885f82335ed4e2b1fe3d349171bb25ae5bb31c003f5c674d079121568ba99988cb0ec237ea721ecaa7be21 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\a4ec606d-32a3-4315-a9a4-59e0ca5c42ee
| MD5 | e78915af2796d515778dcd99829fb1f2 |
| SHA1 | 43da40bacc745ce46abcf96e9af6a3f44559969b |
| SHA256 | 0ea881fde75018ebcc4cc48440e6c7b0cf4c3cad504b81c8022dfd2d874de5d9 |
| SHA512 | 7fd428f607ff783aaaaa065c82e6a936ace02ab0d769569b987893255d07735044077d42894ff7a8f338ab1558ee16d053c974cd6948d09b8768746be28f5ade |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\datareporting\glean\pending_pings\7dee59ae-513f-4d22-a6e8-522c92e43bdc
| MD5 | f152167f607caf204404df1512125ba7 |
| SHA1 | c65babf00a0d7923224670e3235784e74c399071 |
| SHA256 | 1f6cc049fb4fb8fb73912d54965904da3d4802f79ba71e87ebcd6d1363ffe33f |
| SHA512 | ab20753bebef012edabd7503966ca037beb83d4cf508893ac41357fdc794bb1414a33b9ae2897fa5dc588d4ac858db9a990a622a5561d089d60e9f49c43a7b6f |
C:\Users\Admin\AppData\Local\Temp\tmpaddon
| MD5 | 85430baed3398695717b0263807cf97c |
| SHA1 | fffbee923cea216f50fce5d54219a188a5100f41 |
| SHA256 | a9f4281f82b3579581c389e8583dc9f477c7fd0e20c9dfc91a2e611e21e3407e |
| SHA512 | 06511f1f6c6d44d076b3c593528c26a602348d9c41689dbf5ff716b671c3ca5756b12cb2e5869f836dedce27b1a5cfe79b93c707fd01f8e84b620923bb61b5f1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll
| MD5 | fe3355639648c417e8307c6d051e3e37 |
| SHA1 | f54602d4b4778da21bc97c7238fc66aa68c8ee34 |
| SHA256 | 1ed7877024be63a049da98733fd282c16bd620530a4fb580dacec3a78ace914e |
| SHA512 | 8f4030bb2464b98eccbea6f06eb186d7216932702d94f6b84c56419e9cf65a18309711ab342d1513bf85aed402bc3535a70db4395874828f0d35c278dd2eac9c |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.info
| MD5 | 3d33cdc0b3d281e67dd52e14435dd04f |
| SHA1 | 4db88689282fd4f9e9e6ab95fcbb23df6e6485db |
| SHA256 | f526e9f98841d987606efeaff7f3e017ba9fd516c4be83890c7f9a093ea4c47b |
| SHA512 | a4a96743332cc8ef0f86bc2e6122618bfc75ed46781dadbac9e580cd73df89e74738638a2cccb4caa4cbbf393d771d7f2c73f825737cdb247362450a0d4a4bc1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 0d76dc57c180224731a62781102c2742 |
| SHA1 | 16166dc3154fd808b46e89cd5506c75b9e199639 |
| SHA256 | a92d883e5cda1519977f4b3220f1e996032c6afbfe7cd93039991bba4bb01796 |
| SHA512 | 86d991939987847950605e9619afa903d7177a4098f71b1052c81eb6a8a3d9d0c652a0c76bdbe85a3738d51fd04dc910498254c5644e527960c70ff9d4211f1e |
C:\Users\Admin\AppData\Local\Temp\tmpaddon-1
| MD5 | a01c5ecd6108350ae23d2cddf0e77c17 |
| SHA1 | c6ac28a2cd979f1f9a75d56271821d5ff665e2b6 |
| SHA256 | 345d44e3aa3e1967d186a43d732c8051235c43458169a5d7d371780a6475ee42 |
| SHA512 | b046dd1b26ec0b810ee441b7ad4dc135e3f1521a817b9f3db60a32976352e8f7e53920e1a77fc5b4130aac260d79deef7e823267b4414e9cc774d8bffca56a72 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\LICENSE.txt
| MD5 | 49ddb419d96dceb9069018535fb2e2fc |
| SHA1 | 62aa6fea895a8b68d468a015f6e6ab400d7a7ca6 |
| SHA256 | 2af127b4e00f7303de8271996c0c681063e4dc7abdc7b2a8c3fe5932b9352539 |
| SHA512 | 48386217dabf7556e381ab3f5924b123a0a525969ff98f91efb03b65477c94e48a15d9abcec116b54616d36ad52b6f1d7b8b84c49c204e1b9b43f26f2af92da2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\manifest.json
| MD5 | 8be33af717bb1b67fbd61c3f4b807e9e |
| SHA1 | 7cf17656d174d951957ff36810e874a134dd49e0 |
| SHA256 | e92d3394635edfb987a7528e0ccd24360e07a299078df2a6967ca3aae22fa2dd |
| SHA512 | 6125f60418e25fee896bf59f5672945cd8f36f03665c721837bb50adf5b4dfef2dddbfcfc817555027dcfa90e1ef2a1e80af1219e8063629ea70263d2fc936a7 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll
| MD5 | 33bf7b0439480effb9fb212efce87b13 |
| SHA1 | cee50f2745edc6dc291887b6075ca64d716f495a |
| SHA256 | 8ee42d9258e20bbc5bfdfae61605429beb5421ffeaaa0d02b86d4978f4b4ac4e |
| SHA512 | d329a1a1d98e302142f2776de8cc2cd45a465d77cb21c461bdf5ee58c68073a715519f449cb673977288fe18401a0abcce636c85abaec61a4a7a08a16c924275 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.lib
| MD5 | 688bed3676d2104e7f17ae1cd2c59404 |
| SHA1 | 952b2cdf783ac72fcb98338723e9afd38d47ad8e |
| SHA256 | 33899a3ebc22cb8ed8de7bd48c1c29486c0279b06d7ef98241c92aef4e3b9237 |
| SHA512 | 7a0e3791f75c229af79dd302f7d0594279f664886fea228cfe78e24ef185ae63aba809aa1036feb3130066deadc8e78909c277f0a7ed1e3485df3cf2cd329776 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\gmp-widevinecdm\4.10.2557.0\widevinecdm.dll.sig
| MD5 | 937326fead5fd401f6cca9118bd9ade9 |
| SHA1 | 4526a57d4ae14ed29b37632c72aef3c408189d91 |
| SHA256 | 68a03f075db104f84afdd8fca45a7e4bff7b55dc1a2a24272b3abe16d8759c81 |
| SHA512 | b232f6cf3f88adb346281167ac714c4c4c7aac15175087c336911946d12d63d3a3a458e06b298b41a7ec582ef09fe238da3a3166ff89c450117228f7485c22d2 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms
| MD5 | f8316c6207e245a736863a5153f5fc79 |
| SHA1 | 1e3feb00bd4ac97777862e2845dae9af991d4c12 |
| SHA256 | 25a81072890be532fe7ba313ce790980c686ca96392728f24c6742336319fd77 |
| SHA512 | bb656d9aed0115633885bbbbef60f2edf644a8728b425cbef1d3ed778a25ee3fca60c43b4dbd483f13e1e911e78ee118df8062451fa5f194fe63dbf7b8f6ba98 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\5B23235D54208C34AFF88FC6F18585FD8A8F8FAD
| MD5 | 283db4d46d4fea542f63573ef707a632 |
| SHA1 | 5b316de1423ad31cdf12c2e44b4bed4cd3696d4c |
| SHA256 | e4d4dc263aeed88a3c503209f5c72fc0131e11eaea2e261faf2d7896094ae262 |
| SHA512 | d5ff1a4da9aa8a87143a1bee912c083cc6acd74c1500fbf6f835b0793e0d256d64970b6f2129b47be4418222ce637fdc39ddc2eb8ea074c14464f22bcd9feefc |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite
| MD5 | bcf159387da81edbf36e58388fcb2b22 |
| SHA1 | 74a221c05eb21234712bff64d4697f5437e2665e |
| SHA256 | 6c6ca698c1c79f06d81d4437e4fd6ac2b28956d1ae48058e24f2b13b9cf75624 |
| SHA512 | fec6d5ee261fcb2e26a1d6551ac9b0c5b72fef97b3a9df9abd2ee7431d47ecd823dafb58b4ec91822c661d45472553b007ed15ce434b54c8f5b142af4e4e7b86 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | a773e21f9a38221ca3b8a954acf821ed |
| SHA1 | 13b1a2d413e0aceb1d8f01e080b7acd9f87f6231 |
| SHA256 | f35319f83aed37cbfadb22345979fa3f3f5f5a344d6fb2ba34d48bf89851bf18 |
| SHA512 | 585a249af007c214ed7efd2c14b9a7a0fa03bc9e037d0a7539de181a3a602eb33ee17c6b9217ab5334f5dbaf07de64d91b22cf8bf2612d8488f7ebfcc2bbfa20 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\14037
| MD5 | 7eacbb2a5f2b385fcf655fafc02a630a |
| SHA1 | 3b4386d8e919f031173b9137d531ea35e938f7c5 |
| SHA256 | 1c0d30223b44b8393920a5d48b4d14e04e94e55b924754b7030a42292fa14651 |
| SHA512 | 46b0f795908469997fe44d749e97bf90a3c8cfacb08ba4e4fa69c80af279d6a7c8bf808041a63cf63cbad5eeccb8a3cf65ac3800cbb16b3474910ea1fd1aa1dd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | dd5d3bf1eb0665f6bc4ed9904cd3d2a0 |
| SHA1 | 30cd39b5822a17b8ba6ac34e87bcce3d206b381f |
| SHA256 | d60c8d3af4935fea53847305e22df34f734cc3e5f5111b249c8b1f0428833a46 |
| SHA512 | 4a875f6fabc4d3aa11b03a335f5086d9ab4b3c2a6342c20f460b6a364af2a73ff1f42bcbdcb2151d2d2a2f8ec84591746d691138adab7369d5b39dc7520ed2ca |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionstore-backups\recovery.jsonlz4
| MD5 | 3a8685267135e15da27203dc9cb5b6e1 |
| SHA1 | cd1ccd37efb020af777a5f9bc4b00a3264f61247 |
| SHA256 | d163c95dd87d0e5cc50edb56bbcd74c6230916b9a8cae1c385c6824443b7f395 |
| SHA512 | aa06b3f271482ccfa4c0c79ff56874c736a218a86d0bb0691251b7607938517d54619cc96443b405d082a3038115e90c6d3b9362216be1ba71c4b2db1959e4a3 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 0cd28b8a13b7106eef46954e4b0efc05 |
| SHA1 | 6146fa3b6a9ba28b0dc8bdedc5850f792c71ebcb |
| SHA256 | f58dfb9a1f0502fe3203a76cd98ea7a29a2073dbaf41c83117aac84858ff1d96 |
| SHA512 | bfae6199f4794100de3a96f8d977748045fc6a6d31930d3c1161305e8c4ae53f643fa03fe041aef0757cbe73aaeb2ec67587e3a6f63b08c7acafabcc3e3562c1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | f6e88d4501a0c4bc5733851ca966bed2 |
| SHA1 | cd853d0ba51a7d4c5a34a1440c2a5c358975309a |
| SHA256 | e7be91e635a9330261cdd03e017c8957ffc7abd795e3d9203a32cc1c3590bbb6 |
| SHA512 | a1c005f8ed9611e1ba64adc6e68bf7192743ebd0d234aecf6047fea37725a3ed4ea49a1df43b7d65abbb6a55c8a2c004c58973d1ffc25ee6f20d55ee3f0addb1 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 3d365a26afcd7a1aa3da2b014beb670f |
| SHA1 | 67df57f11377e53a287cb55c81176ed317937b80 |
| SHA256 | 6bdbfa0e84cb38c99b22efb1131e5e5ee6fdc19f660eeb4bf4cb28b9b6e4355a |
| SHA512 | 172ead14fb8e4f1c0e5571ec892273b41a500e2fa23d057d7a690ffee41c39ab9ce1ada00d94375df6622bfca8df52a2121e71b1f06d4b601c6039a4b72e39bd |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\entries\3C037406957C6A3957979D98A58F5D96FF6B1489
| MD5 | 52b99a37e9e097f9030979322c7d1269 |
| SHA1 | 93f0b4ec3f2710b30f331ae4a0d6df000ff41529 |
| SHA256 | 9e966e2c84aa67730d3fb6467ebb88350232f8f0b7ed2c8903cfa03bd85c3f77 |
| SHA512 | 580658fad998938add135ffc24f01d0a60eb7fc3ff2fb645a233ebc8f340cc56fb3978dd9a1c8d7b62263f774369f29f53800ebca51498a9b54ab1c65a8a33ee |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\broadcast-listeners.json
| MD5 | 72c95709e1a3b27919e13d28bbe8e8a2 |
| SHA1 | 00892decbee63d627057730bfc0c6a4f13099ee4 |
| SHA256 | 9cf589357fceea2f37cd1a925e5d33fd517a44d22a16c357f7fb5d4d187034aa |
| SHA512 | 613ca9dd2d12afe31fb2c4a8d9337eeecfb58dabaeaaba11404b9a736a4073dfd9b473ba27c1183d3cc91d5a9233a83dce5a135a81f755d978cea9e198209182 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\xulstore.json
| MD5 | 99914b932bd37a50b983c5e7c90ae93b |
| SHA1 | bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f |
| SHA256 | 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a |
| SHA512 | 27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\targeting.snapshot.json
| MD5 | d4f4986211554b9c5c811138a906ecf6 |
| SHA1 | 5a582cc8df133ef48a08bedbc56e42b1e4cedca1 |
| SHA256 | 80497bbdad7b427bad1a0a3db9a0c2975ecd771e2fd0bf275617decdc25a583a |
| SHA512 | 73f34af2172f9cb78ac730013115906808ac732e7cf381c700974da5072833530c6277cf56e300e8210913fb923e33b9c8a936a6e0cfeb077202ac420225d167 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\sessionCheckpoints.json
| MD5 | c4ab2ee59ca41b6d6a6ea911f35bdc00 |
| SHA1 | 5942cd6505fc8a9daba403b082067e1cdefdfbc4 |
| SHA256 | 00ad9799527c3fd21f3a85012565eae817490f3e0d417413bf9567bb5909f6a2 |
| SHA512 | 71ea16900479e6af161e0aad08c8d1e9ded5868a8d848e7647272f3002e2f2013e16382b677abe3c6f17792a26293b9e27ec78e16f00bd24ba3d21072bd1cae2 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\bookmarkbackups\bookmarks-2024-06-17_11_+ftwiIQfjYtrlniJNZ3V4g==.jsonlz4
| MD5 | 5454384ec38638981ce5e67157b8f07d |
| SHA1 | 20da940d1b48d7c555b5f7d050fcc26b9fcaa217 |
| SHA256 | faa28431b2b70bce1f1552ef63266622ee731b9a30a3b314c9b6d6e0bdc07e11 |
| SHA512 | 5526c70002b23f106dbb494742fce905cba27979f8bf8f2a92832232fb34b6bf873043f0b54f88567250f358e5fdd93438f5211318ee303ad71615ea85d1f2f6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\SiteSecurityServiceState.txt
| MD5 | cb246d71e1399ed7a90cfa2c7be81b82 |
| SHA1 | 1c21fcaca10a6c954bb50af033fea588ec5418ed |
| SHA256 | 46b34f129b4d38f62de2c00becfab1f344ad6b8e2cb76abdec056ad831fb7bc9 |
| SHA512 | aab9f257fd5f8868c40e43c45616262da8285a2fd3e59dfcf708da9a1236da09f14a2bd50d58fb650bf03037996721a40fee8c4e5c416217e379a7b9b3f9d3ed |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs.js
| MD5 | 45876a24cb0fc3078c1a1c1b5223186c |
| SHA1 | a9659a532ca4401c7973a2d563150d209459a791 |
| SHA256 | a12176b18bbc16f96c4111654cf13f90405979c960f0a69d5199f9a39f83639b |
| SHA512 | 9fd4c7c666c8a1bc19b752d4dd7dab62d17ae89ba2863e9e1e307c32693fbfd7e38327696e41d4b29d94d9ac0ebcc76dcfb44b7eab61741dba3d4901fcc036c6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\prefs-1.js
| MD5 | 367bf570ab67040c181bf984c3212847 |
| SHA1 | 93e6d60b47bc59c5917327c113494cebc5479cfd |
| SHA256 | 972bade2d4252a82374ba3d32da44ba573d59a62da46b97c0eea059624f09cfc |
| SHA512 | e634e014a514ba0b156cbd409346e16dea9aa689b92b0201fadf7a938ce63c16d54794b75d9a071cd5d2412bfa1201d411b24a56e213cbbdb1a402f377aa8e90 |
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\wjyk7j4u.default-release\cache2\doomed\5151
| MD5 | f93df6a0dcdfad426af19f0f2033d8d4 |
| SHA1 | 7247734b4fe5e43746726ff6315f2342539a8e6f |
| SHA256 | a3ed94aafcb4e0fdcffa34740af84ec55ad224dd531978215a4927a101b20afd |
| SHA512 | 89a5456f5fc471d67c938883f731f22003fbda700737f66225d770b637c65f2d96ce5730f884dcb8b7af9ec53639c9633863d04fc26c64e3736e7afadfceeac0 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-06-17 17:07
Reported
2024-06-17 17:37
Platform
win10v2004-20240508-en
Max time kernel
1770s
Max time network
1689s
Command Line
Signatures
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of WriteProcessMemory
Processes
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument C:\Users\Admin\AppData\Local\Temp\sample.html
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fffca1246f8,0x7fffca124708,0x7fffca124718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2252 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2760 /prefetch:8
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3304 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3488 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4528 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4608 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4624 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5196 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5092 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2240,7503666439840543662,10672896092636431794,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2028 /prefetch:2
Network
| Country | Destination | Domain | Proto |
| N/A | 224.0.0.251:5353 | udp |
Files
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 439b5e04ca18c7fb02cf406e6eb24167 |
| SHA1 | e0c5bb6216903934726e3570b7d63295b9d28987 |
| SHA256 | 247d0658695a1eb44924a32363906e37e9864ba742fe35362a71f3a520ad2654 |
| SHA512 | d0241e397060eebd4535197de4f1ae925aa88ae413a3a9ded6e856b356c4324dfd45dddfef9a536f04e4a258e8fe5dc1586d92d1d56b649f75ded8eddeb1f3e2 |
\??\pipe\LOCAL\crashpad_4676_UWGDEIWCOJQVMFGX
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | a8e767fd33edd97d306efb6905f93252 |
| SHA1 | a6f80ace2b57599f64b0ae3c7381f34e9456f9d3 |
| SHA256 | c8077a9fc79e2691ef321d556c4ce9933ca0570f2bbaa32fa32999dfd5f908bb |
| SHA512 | 07b748582fe222795bce74919aa06e9a09025c14493edb6f3b1f112d9a97ac2225fe0904cac9adf2a62c98c42f7877076e409803014f0afd395f4cc8be207241 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 7c0f9785f0b272ff103a8c4e552f3108 |
| SHA1 | 15e819c5d94f3a67e64148bbeada398cd86ded28 |
| SHA256 | c93d337213cce6827dde24ea5b1802ca9b245bf9448fee1b9ad9ba3305c2bb07 |
| SHA512 | 6c43da5bb536d0d9958bf3c5154eeb3e5aef8df6b05344a9c8b10f9ad1eb47092b199a52e54098a3ebe8760f89b9e3c4af86817933301280331ff7eead1639da |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 64c3a854c3e46e2dff322a1dfc5eb367 |
| SHA1 | 8fba7d165f54f5d082af3c77b11ba1d99dc764f2 |
| SHA256 | 67f89b403d6c3aee555dba14c5c2e18656beb08ad658d09072dafc0ea0b6084b |
| SHA512 | b47f3d1d2c4db8f880df909e93bac07d952f37e859987460fedd3bafdb05ac109cba41441cb6ed641fbed0bde39e7baf165cb5e210eea7f62749305eb51e0af1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | d0e23aaeb8c007be3a5d0b3e7e906942 |
| SHA1 | 191a787dbf9a788bf0dddb3aa5c80117879005a2 |
| SHA256 | 56e3708f7cdd327c17705441407a08addaab121eb83dead893a594382c24ecb4 |
| SHA512 | 0555d9db09e269afd70375f80b683bad5b4d73d518c553fe05f0ff1acc82a1eec466d40982ca5e3c052c601ef8279b7f4c04d5a248a231f3f42a99f91a27915e |