hxxps://github[.]com/soldier-dog/FortniteCHT-sooj/releases/download/lat/git[.]software[.]v1[.]1[.]7[.]7z

Resubmissions

20/07/2024, 01:17

240720-bneycstbqf 8

20/07/2024, 01:13

240720-bllywszclr 8

Analysis

max time kernel
1800s
max time network
1685s
platform
windows10-2004_x64
resource
win10v2004-20240709-en
resource tags

arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
submitted
20/07/2024, 01:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/soldier-dog/FortniteCHT-sooj/releases/download/lat/git.software.v1.1.7.7z

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 2 IoCs

pid	Process
2320	winrar-x64-701.exe
5672	winrar-x64-701.exe

Checks processor information in registry 2 TTPs 18 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 4 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-384068567-2943195810-3631207890-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-384068567-2943195810-3631207890-1000\{3DFC1968-CA49-4A2A-8E03-B4F6AEFCAF9B}	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 77468.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

pid	Process
2424	msedge.exe
2424	msedge.exe
1096	msedge.exe
1096	msedge.exe
3820	identity_helper.exe
3820	identity_helper.exe
5096	msedge.exe
5096	msedge.exe
2368	msedge.exe
2368	msedge.exe
1140	msedge.exe
1140	msedge.exe
7100	msedge.exe
7100	msedge.exe
7100	msedge.exe
7100	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
4540	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe

Suspicious use of AdjustPrivilegeToken 3 IoCs

description	pid	Process
Token: SeDebugPrivilege	532	firefox.exe
Token: SeDebugPrivilege	532	firefox.exe
Token: SeDebugPrivilege	532	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe

Suspicious use of SendNotifyMessage 44 IoCs

pid	Process
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
1096	msedge.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe

Suspicious use of SetWindowsHookEx 39 IoCs

pid	Process
2320	winrar-x64-701.exe
2320	winrar-x64-701.exe
2320	winrar-x64-701.exe
5672	winrar-x64-701.exe
5672	winrar-x64-701.exe
5672	winrar-x64-701.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
4540	OpenWith.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe
532	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1096 wrote to memory of 2488	1096	msedge.exe	85
PID 1096 wrote to memory of 2488	1096	msedge.exe	85
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2224	1096	msedge.exe	86
PID 1096 wrote to memory of 2424	1096	msedge.exe	87
PID 1096 wrote to memory of 2424	1096	msedge.exe	87
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88
PID 1096 wrote to memory of 2028	1096	msedge.exe	88

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/soldier-dog/FortniteCHT-sooj/releases/download/lat/git.software.v1.1.7.7z
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffea4b446f8,0x7ffea4b44708,0x7ffea4b44718
  2⤵
  PID:2488
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2036 /prefetch:2
  2⤵
  PID:2224
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2244 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2424
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2928 /prefetch:8
  2⤵
  PID:2028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3412 /prefetch:1
  2⤵
  PID:4932
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3540 /prefetch:1
  2⤵
  PID:4496
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  PID:2220
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5416 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3820
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5508 /prefetch:1
  2⤵
  PID:4788
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5748 /prefetch:8
  2⤵
  PID:3996
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5788 /prefetch:1
  2⤵
  PID:3944
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5908 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5096
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6104 /prefetch:1
  2⤵
  PID:3264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3960 /prefetch:1
  2⤵
  PID:4560
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5916 /prefetch:1
  2⤵
  PID:4648
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3996 /prefetch:1
  2⤵
  PID:3172
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=3104 /prefetch:8
  2⤵
  PID:412
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=video_capture --mojo-platform-channel-handle=5484 /prefetch:8
  2⤵
  - Modifies registry class
  - Suspicious behavior: EnumeratesProcesses
  PID:2368
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6320 /prefetch:1
  2⤵
  PID:4272
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6288 /prefetch:1
  2⤵
  PID:5268
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4760 /prefetch:1
  2⤵
  PID:5280
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4980 /prefetch:1
  2⤵
  PID:5492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5636 /prefetch:1
  2⤵
  PID:5500
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
  2⤵
  PID:5652
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6620 /prefetch:8
  2⤵
  PID:5736
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=27 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6716 /prefetch:1
  2⤵
  PID:5816
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=28 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6684 /prefetch:1
  2⤵
  PID:5824
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3536 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1140
- C:\Users\Admin\Downloads\winrar-x64-701.exe
  "C:\Users\Admin\Downloads\winrar-x64-701.exe"
  2⤵
  - Executes dropped EXE
  - Suspicious use of SetWindowsHookEx
  PID:2320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2020,1408710888629009157,2689674185293535336,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2152 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:7100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3240

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4908

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5888

C:\Users\Admin\Downloads\winrar-x64-701.exe
"C:\Users\Admin\Downloads\winrar-x64-701.exe"
1⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:5672

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:4540
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\git.software.v1.1.7.7z"
  2⤵
  PID:1072
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\git.software.v1.1.7.7z
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    PID:532
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1956 -parentBuildID 20240401114208 -prefsHandle 1880 -prefMapHandle 1872 -prefsLen 25755 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {b3323c96-7743-4c13-bb85-e3fa26bb23ae} 532 "\\.\pipe\gecko-crash-server-pipe.532" gpu
      4⤵
      PID:2248
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2492 -parentBuildID 20240401114208 -prefsHandle 2460 -prefMapHandle 2456 -prefsLen 26675 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {181d6605-5b8d-4bd8-b6f5-6ece80beccfb} 532 "\\.\pipe\gecko-crash-server-pipe.532" socket
      4⤵
      Checks processor information in registry
      PID:5384
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1448 -childID 1 -isForBrowser -prefsHandle 3064 -prefMapHandle 3048 -prefsLen 26816 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {78d3ac8d-a781-49a6-b87f-8132818e2526} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
      4⤵
      PID:4556
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3128 -childID 2 -isForBrowser -prefsHandle 1632 -prefMapHandle 1628 -prefsLen 31165 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e93e47c5-f03d-467e-833e-ec9d943cb9d4} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
      4⤵
      PID:864
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4316 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4404 -prefMapHandle 4416 -prefsLen 31165 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3c49a82a-1fd9-47ea-b2d6-1d180219d291} 532 "\\.\pipe\gecko-crash-server-pipe.532" utility
      4⤵
      Checks processor information in registry
      PID:4444
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5584 -childID 3 -isForBrowser -prefsHandle 5564 -prefMapHandle 5596 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {42a234db-2a87-497d-bead-44d1600fb485} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
      4⤵
      PID:6804
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5724 -childID 4 -isForBrowser -prefsHandle 5732 -prefMapHandle 5736 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4573b18f-17ca-41f1-a6f9-d34fcef7cfaa} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
      4⤵
      PID:6816
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6012 -childID 5 -isForBrowser -prefsHandle 5932 -prefMapHandle 5940 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 984 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f2441600-d580-4d54-9b9e-36cca035317a} 532 "\\.\pipe\gecko-crash-server-pipe.532" tab
      4⤵
      PID:6828

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\git.software.v1.1.7(1).7z"
1⤵
PID:7120
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\git.software.v1.1.7(1).7z
  2⤵
  - Checks processor information in registry
  PID:7136

C:\Windows\system32\werfault.exe
werfault.exe /h /shared Global\336207dde5a14378a49e5d33e0c7ad48 /t 5680 /p 5672
1⤵
PID:3512

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
eaaad45aced1889a90a8aa4c39f92659

SHA1
5c0130d9e8d1a64c97924090d9a5258b8a31b83c

SHA256
5e3237f26b6047f64459cd5d3a6bc3563e2642b98d75b97011c93e0a9bd26f3b

SHA512
0db1c6bdb51f4e6ba5ef4dc12fc73886e599ab28f1eec5d943110bc3d856401ca31c05baa9026dd441b69f3de92307eb77d93f089ba6e2b84eea6e93982620e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
3ee50fb26a9d3f096c47ff8696c24321

SHA1
a8c83e798d2a8b31fec0820560525e80dfa4fe66

SHA256
d80ec29cb17280af0c7522b30a80ffa19d1e786c0b09accfe3234b967d23eb6f

SHA512
479c0d2b76850aa79b58f9e0a8ba5773bd8909d915b98c2e9dc3a95c0ac18d7741b2ee571df695c0305598d89651c7aef2ff7c2fedb8b6a6aa30057ecfc872c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
5825c48c0366697f6bad258bf7c8d73a

SHA1
93f8d9084868bb78b6c154fb7008cde31a395efc

SHA256
5a86303486c51389848a4d851d6b48e1018101e3bfd19a1bab8038ebb4438af6

SHA512
d478d40860fa11620986b78999f6619300f87246dddeb58ada6efd31d2fb0f4f4a12c9365ddd6eecab4f522cbebb1b07309ed28db7570f6f44e3e5efa26edd28

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
c944a6dc77627d8cd087ec96d81fa52c

SHA1
7cb57499eae1d7663ca8c67a6f44ddf6eb37c010

SHA256
743323e520df3a18a52fa4f2bae9c2cec3038272adba6c48aed9c63a22099cc8

SHA512
10932a9ac134f981cd244d68d2eb05774c8afd65811086ecd53b3cb6303fab1ca758a740dda22af39952a86ee789eff0601a8dc970b1873a8f7e4a412674fb62

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
0de287e476f08549c1f3773bb1eee038

SHA1
cc1ce5636bd5f3f1a1125e0bdad78e1aa60a0191

SHA256
fbf6b0682bb502f0d93a63f2ded16c6d560b9fdc58156d84a8b9ee035467e36f

SHA512
529362a26c7f21e9f37f3230deca0b7f0c026793c6ead9c7d29dc18ac3f4e816c28e691fde39b9c35d04540ba7b31b8350d304444a1abe686f3540f8219c4ca2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
dbb6679c569b2c9a6963ce3d79a40836

SHA1
1bc31bff337ee00591b983df50f5cc830d66d587

SHA256
7ae96287c55bc1ab27375d06156fd56d1473b56e21812e1ec9fa8dd25b8731a3

SHA512
b05410f858e9bd59e8bcccb15ceb1dfb0b7966167bd253664b435bb050cfade4d132e0a83280965cef66954390b7115e1e6b6178888f7d3bf8e830be92375749

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
f8899b21db60d43a71a419a3b086bdf0

SHA1
af9f2cfabdb1bc1d91331741508c503db0d970bb

SHA256
f1dc6c5bdf9a7c8748fc61c035081bde492aed84b9eb8d1ba37c86a8a9af4b86

SHA512
e8b9b69e0eca43c9ebc6263577935245b9b4919490563bfc5d9f1aeed6926f7ea9597c6f6630e92e7ee4feab9c2cbec51c6ffdc909bfef8f20e3175846aee9ac

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
872B

MD5
d1514546056701fe801de32ba64d6733

SHA1
4161742e0c06064ce2b952c459b68cf9e0da32ce

SHA256
73ef60c225f2dae99876bda863fce05eccf2c32062d901221a9636524f5d4a30

SHA512
244222c85402b43cfd844b421bb051e1ccffcce4e7d63c167ffada004a88769827dd2cad20c38ac2222408b2555f5d64dc2b3c6322084521a1cf9f523ca42067

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c728.TMP

Filesize
203B

MD5
1e1e44b61dc59af404e06d4b1bbd3f3a

SHA1
3ae915748b32b04fe6570ab7f294852fcdff15de

SHA256
1ce0d8467a467cf7d9a5434cb577389fe40e39305c53dc825e3dba4efbb50e44

SHA512
2ca66ff074a729986a2fff0e7ffa8b9404458d73b9c705c7e465b55a8a1153d096d0150d66487e418b1f5003e074f8afa1851aa0a94e383a4ebfe5ca6677f0c1

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
24c6a6d198217c40ad73222e0d82cf74

SHA1
569d78e233ed1c95de3bacb94626b0ca8c454ec8

SHA256
8ad5090ec402f77b4505ab91f4b06d7359f4ad861730c13ff429565f42445738

SHA512
a671f33a2280ed557e642c05168e132ba31cfa9d88e5a19baba2ab96bae91779128eb11eb0658f28f89c9439bf1203aa73d4b4cb0f5c0257b6ca51e6ba7e29cb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
9cc8dafb533f42fa22c3138d5cf01555

SHA1
c4a2109a0cd6f039e8d621f2fc6d86e49a0be2d3

SHA256
1e5405e7a153fa9237eb1d71423c985c18c419665b97f91fc583c06ff449fc43

SHA512
0421f88c77e1e97cd53b3bf7a64c29bed0300ddb6e21b6b52d769e32873f41c9c479a23bfe3e0d1ab5dd24d54ac1c1cf90d6572ff7e16fb826982a2ee1ef0a40

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\activity-stream.discovery_stream.json

Filesize
25KB

MD5
0b6be98b172266c32d12d3fac84892ed

SHA1
57e1622d2ff4499dc05088917af660ca1e68ebf4

SHA256
b81f72dce4574d488416bac54f5a946d4a4c32bf164f0f2bdcf966ca1f8437da

SHA512
0894bd37cd79037f00d13f30da632d5ee0c08f8671800d8460e2c42756c989fbb76a997968b5c1db2b05cfdf526c52467aae10d618327070d3e4e4e75902fa3d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\db\data.safe.tmp

Filesize
21KB

MD5
4fad65a3791b35de7edea8a3eef28c97

SHA1
609ff17864117c0e1fb840027e38f0940e9a1050

SHA256
0a9ae3ea4810f5e20b46b6bba8748e02547f4bd051bdcd641032467af148d8df

SHA512
980f15c61386d22a912566a501a5db586b9f8d0c333314fb5e3f932f6ddbd48b9db4f4ab783fbd9926269496edc57c0c88c5e8b7d45f9c5e8664ba0fc69ddf4a

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\019f3689-e163-4d46-ba77-a7e6c70e8559

Filesize
659B

MD5
9de7c1acb62123fec14643131c93c75c

SHA1
b508deba93a6f534ba99336f0c8dba1bb7297418

SHA256
0d0437828582ce3c70b203a325eb604e83802b9f8a09f2ede253930d2ba0e80a

SHA512
8b4049a2e758d29b57e79c1d36f8b6e5a5861dffd3c410d4f4f24b989e7f0e898cffd749c33a6abd557d7706438ea17d4f956680cad268f56014affdc77f0cdd

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\datareporting\glean\pending_pings\c4a1f57d-95b8-421a-ab5d-907224c83644

Filesize
982B

MD5
fb0d378b89efbb7055fb06b4a752ec02

SHA1
15885d94ee03f129b876555d1c8ac4b5591a0452

SHA256
2b93649949462e53721c8d7edeb08bdf80a7e98e23d0f36b0c408bc285740b7c

SHA512
eaebd408753477a03b4f491c2d38e4aa590df1b15a00f10d973e24301e1abc0820d003f6e47c15e337a763e1016d63915ee8208bc6f93fd36853c7bef548b1ff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs-1.js

Filesize
11KB

MD5
34d786859434a545a6fdd0056fb582ee

SHA1
a365c204d26efb8b5bb194e712ddeaeea1a5ff6a

SHA256
a3d49a2f5acee54f73d7d61a258f645ad82d24ef2c0041ec0a80fefb1a532e2b

SHA512
c5e1b0ac8e76d49b7e79ae4654681574a179dc2ed87b59b3f83bf4440171d072f2c5b7c941f6d044d3bf9e772e23068e1208d0ae15d977eef7dfe4e0ac13befc

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\prefs.js

Filesize
8KB

MD5
ca4454be6eccc27504e2c349fdedefed

SHA1
3ce1b187eb5def70d9d60cc328fc34b94ee88539

SHA256
de7db64c71b5770c2beaec8bf55f6b666b86f1e045ddf81acc1ea68cd4b20031

SHA512
25f7e945d58ea805f9f0feeb45ad416643d231ae11cb8a975a31a8d3bdaa9c9c0e7d4fb885023caf1eb344ded3b6f05579296e165062c93d96e84b0cd4f63482

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\vcc2x7ul.default-release\sessionCheckpoints.json

Filesize
288B

MD5
948a7403e323297c6bb8a5c791b42866

SHA1
88a555717e8a4a33eccfb7d47a2a4aa31038f9c0

SHA256
2fca1f29b73dd5b4159fa1eb16e69276482f5224ba7d2219a547039129a51f0e

SHA512
17e2f65c33f47c8bb4beca31db2aff3d4bbb6c2d36924057f9f847e207bdcb85ffcbb32c80dd06862ffc9b7f0bd3f5e2e65b48bb1bc3363732751101d5596b1a

Download Submit
C:\Users\Admin\Downloads\git.software.v1.1.7.7z

Filesize
9.7MB

MD5
1cab128d80e3d928d910ae67fd1b752c

SHA1
23e2882384bc1042b14140edb4d51be10e2cdd5b

SHA256
f252b563982678460cceca27d01739175aab9e2f68e4847e23c22e63607de470

SHA512
1385755e6813d1497fe15e50280e441dc2db434872b4ac90057dd57da2b43cbacf4c059716d6c882286ffca867648e29b52d71f6242f3fc596b429437e1736ee

Download Submit
C:\Users\Admin\Downloads\winrar-x64-701.exe

Filesize
3.7MB

MD5
3a2f16a044d8f6d2f9443dff6bd1c7d4

SHA1
48c6c0450af803b72a0caa7d5e3863c3f0240ef1

SHA256
31f7ba37180f820313b2d32e76252344598409cb932109dd84a071cd58b64aa6

SHA512
61daee2ce82c3b8e79f7598a79d72e337220ced7607e3ed878a3059ac03257542147dbd377e902cc95f04324e2fb7c5e07d1410f0a1815d5a05c5320e5715ef6

Download Submit