hxxps://www[.]mediafire[.]com/folder/79tlgewvym6x0/Launcher

Analysis

max time kernel
83s
max time network
85s
platform
windows11-21h2_x64
resource
win11-20240802-en
resource tags

arch:x64arch:x86image:win11-20240802-enlocale:en-usos:windows11-21h2-x64system
submitted
03/08/2024, 04:38

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://www.mediafire.com/folder/79tlgewvym6x0/Launcher

Score

3^/10

discovery

Malware Config

Signatures

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

Checks processor information in registry 2 TTPs 24 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies registry class 3 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	OpenWith.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	firefox.exe
Key created	\REGISTRY\USER\S-1-5-21-661032028-162657920-1226909816-1000_Classes\Local Settings	msedge.exe

NTFS ADS 3 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\[email protected]:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\Downloads\[email protected]:Zone.Identifier	firefox.exe
File created	C:\Users\Admin\Downloads\XXL@uncherr(1).rar:Zone.Identifier	firefox.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1104	msedge.exe
1104	msedge.exe
3556	msedge.exe
3556	msedge.exe
2584	identity_helper.exe
2584	identity_helper.exe
2072	msedge.exe
2072	msedge.exe
5576	msedge.exe
5576	msedge.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
5092	OpenWith.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 16 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious use of AdjustPrivilegeToken 4 IoCs

description	pid	Process
Token: SeDebugPrivilege	5476	firefox.exe
Token: SeDebugPrivilege	5476	firefox.exe
Token: SeDebugPrivilege	5476	firefox.exe
Token: SeDebugPrivilege	5476	firefox.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe
3556	msedge.exe

Suspicious use of SetWindowsHookEx 33 IoCs

pid	Process
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5092	OpenWith.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe
5476	firefox.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3556 wrote to memory of 3740	3556	msedge.exe	80
PID 3556 wrote to memory of 3740	3556	msedge.exe	80
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 2924	3556	msedge.exe	81
PID 3556 wrote to memory of 1104	3556	msedge.exe	82
PID 3556 wrote to memory of 1104	3556	msedge.exe	82
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83
PID 3556 wrote to memory of 2436	3556	msedge.exe	83

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://www.mediafire.com/folder/79tlgewvym6x0/Launcher
1⤵
- Enumerates system info in registry
- Modifies registry class
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fffbb0f3cb8,0x7fffbb0f3cc8,0x7fffbb0f3cd8
  2⤵
  PID:3740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1832 /prefetch:2
  2⤵
  PID:2924
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2360 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1104
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2560 /prefetch:8
  2⤵
  PID:2436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3268 /prefetch:1
  2⤵
  PID:4768
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:4288
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5744 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2584
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5820 /prefetch:1
  2⤵
  PID:1984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5880 /prefetch:1
  2⤵
  PID:1868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5924 /prefetch:1
  2⤵
  PID:2476
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
  2⤵
  PID:4028
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6424 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:2072
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6492 /prefetch:1
  2⤵
  PID:3236
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6816 /prefetch:1
  2⤵
  PID:2740
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6452 /prefetch:1
  2⤵
  PID:3888
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6440 /prefetch:1
  2⤵
  PID:5048
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6840 /prefetch:1
  2⤵
  PID:1440
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6928 /prefetch:1
  2⤵
  PID:3200
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5940 /prefetch:1
  2⤵
  PID:1732
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7796 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=7836 /prefetch:1
  2⤵
  PID:1964
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6560 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:5576
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1900,9535508158553498350,7279244364715002391,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5560 /prefetch:1
  2⤵
  PID:5712

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3100

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3048

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:5864

C:\Windows\system32\OpenWith.exe
C:\Windows\system32\OpenWith.exe -Embedding
1⤵
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
PID:5092
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\!@uncher\[email protected]"
  2⤵
  PID:4044
- - C:\Program Files\Mozilla Firefox\firefox.exe
    "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\!@uncher\[email protected]
    3⤵
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:5476
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1944 -parentBuildID 20240401114208 -prefsHandle 1824 -prefMapHandle 1800 -prefsLen 23678 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {34e5a170-4288-46d5-b37e-dccb6a5651ff} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" gpu
      4⤵
      PID:5576
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2368 -parentBuildID 20240401114208 -prefsHandle 2356 -prefMapHandle 2352 -prefsLen 24598 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3f79cd5b-21d5-427e-8c3b-8aca5b0e4d0c} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" socket
      4⤵
      Checks processor information in registry
      PID:5920
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2888 -childID 1 -isForBrowser -prefsHandle 3052 -prefMapHandle 3092 -prefsLen 24739 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9445e1c1-c737-49fa-b8c5-e999f106e943} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
      4⤵
      PID:1652
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=3856 -childID 2 -isForBrowser -prefsHandle 3848 -prefMapHandle 3844 -prefsLen 29088 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {988680ff-3557-458f-a83a-c791c2229ac7} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
      4⤵
      PID:2960
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4084 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 3844 -prefMapHandle 3968 -prefsLen 29088 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5b0ad024-38a9-4b6d-bdad-4357ed57d79a} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" utility
      4⤵
      Checks processor information in registry
      PID:6428
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5460 -childID 3 -isForBrowser -prefsHandle 5452 -prefMapHandle 5440 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {304304a3-8d70-408b-9a5d-f12cd84fc502} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
      4⤵
      PID:6972
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5604 -childID 4 -isForBrowser -prefsHandle 5684 -prefMapHandle 5680 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b5be9146-906b-426a-81f2-697947c2dd20} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
      4⤵
      PID:6984
  - - C:\Program Files\Mozilla Firefox\firefox.exe
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5836 -childID 5 -isForBrowser -prefsHandle 5576 -prefMapHandle 5580 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 932 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {0cae73c5-35ab-494d-8df0-a3f7e4ce697c} 5476 "\\.\pipe\gecko-crash-server-pipe.5476" tab
      4⤵
      PID:6996

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\!@uncher\[email protected]"
1⤵
PID:2304
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\!@uncher\[email protected]
  2⤵
  - Checks processor information in registry
  PID:5272

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url "C:\Users\Admin\Downloads\[email protected]"
1⤵
PID:3080
- C:\Program Files\Mozilla Firefox\firefox.exe
  "C:\Program Files\Mozilla Firefox\firefox.exe" -osint -url C:\Users\Admin\Downloads\[email protected]
  2⤵
  - Checks processor information in registry
  PID:5372

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9af507866fb23dace6259791c377531f

SHA1
5a5914fc48341ac112bfcd71b946fc0b2619f933

SHA256
5fb3ec65ce1e6f47694e56a07c63e3b8af9876d80387a71f1917deae690d069f

SHA512
c58c963ecd2c53f0c427f91dc41d9b2a9b766f2e04d7dae5236cb3c769d1f048e4a342ea75e4a690f3a207baa1d3add672160c1f317abfe703fd1d2216b1baf7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
b0177afa818e013394b36a04cb111278

SHA1
dbc5c47e7a7df24259d67edf5fbbfa1b1fae3fe5

SHA256
ffc2c53bfd37576b435309c750a5b81580a076c83019d34172f6635ff20c2a9d

SHA512
d3b9e3a0a99f191edcf33f3658abd3c88afbb12d7b14d3b421b72b74d551b64d2a13d07db94c90b85606198ee6c9e52072e1017f8c8c6144c03acf509793a9db

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001e

Filesize
20KB

MD5
6931123c52bee278b00ee54ae99f0ead

SHA1
6907e9544cd8b24f602d0a623cfe32fe9426f81f

SHA256
c54a6c3031bf3472077c716fa942bd683119dc483b7e0181e8a608fa0b309935

SHA512
40221fe98816aa369c45f87dc62e6d91fcdb559d9756cb6a05819f1cde629e23a51803e71371f4e4f27112a09489d58ed45b2b901a5f2f00c69c082b3576057f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
73fea24c2760fbed3e124529fac9619d

SHA1
716e83538eba7e772d50d73ce8e13ac5408867c0

SHA256
0aaf1e64f06839cc69fdf76e1221e09907a2f6e66c75e16f9fe9c30182630633

SHA512
b2dacbee81a646ae0d0d31809fd2dcf18d84656da64df5a779fdaf240f3f4483faa3fea30da3006cef69270f9952e87df0c85ac12d66ee61fec3342f5d4d37cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
031c8e348864369a8ec043b545cf0d3d

SHA1
6feb9f6b109399aea8dd2c139f88b526ce70a917

SHA256
77dfe2d293b037a92192fdf91e21b9900ac93c18d9a15c8d702308fdfd90c6f3

SHA512
8a175edb801d24877581a2e1eeeb2e3df936763a46031024baae52c9e65dd6a65852092c7668275778b77de0ec8c3df5395e1387733a8924bb0b8fe95f953cab

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
10KB

MD5
fd5da7642b6d96a2c318d8103e5e606b

SHA1
b982fb858192a913d61125bcf3b322564fb78d49

SHA256
29cfc5ec2753fe46dc6b868aa123d544d0ed2b64b4e3607f93aad32b0b0af81e

SHA512
78546678635115053136c933ab4521fa233867f399d457ffedc001cbe4f51523cd8d217cfa5ccf6c0046cef86b3a8ac21ddf540f08252edc0258e1cdbc4edd0c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
9a4549afb61535f25552b8e18f927984

SHA1
b7a1f5d4d6240ee51c09279a752d6e0a89062062

SHA256
444aa9b1c658af5f9c84acb475073f3469c7dd74f1180f992c01e8342372efd8

SHA512
cb0a49ed52d0a3d40152dd9c217aedc9d6a2da3040a4bf6e386643d542a28b906fecc2bb6b29b15c8df8c059e6a8bea03a869a1926f6207b7fd789ce4b0387f4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
11KB

MD5
fda42dc9d9e8edaf212b6b1a252a1caa

SHA1
828e4f47af5a7db7b0960c5acc8bee36bafd9db8

SHA256
f7f605743912d3d6dde96a314924a02c20711a75716b4584440c9d335665d780

SHA512
8b599bf61767a25495d8448b96f355c2504bc5142b4f71f063d92e4fc11484aae8e04832681f9a38a57f71cbd05afdd4a81c107e4d5a6ac7d206d24892838dc7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
6fb36a7e0c79258601d0dd852f884426

SHA1
b9d8bde3534122870da9f0ce840af72f978f7571

SHA256
3ee1fee227272f848bd593be0209fd3d91524c7ebb28ad934ac9a1dfc9c39d60

SHA512
dd35d8dc7a12ae5c6f5ea9aab5e2f4bcdee3fcc0561f82b40ac33b1756a54af2b9fe49cd6515e1181502e719ec79d27f06e55113df11577d42714801c9fa7fe3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
3KB

MD5
e3dcf799b7b7d8eced08d4f6c41a282b

SHA1
d295cfe42715e1b444930eb6acd0adf1585a69af

SHA256
13b034d1000ef1218c931867ada89a98b2bc50379564f207a21643645f0be129

SHA512
69c8a800b288279eba7e7de60d104b2553029dbb81a8e3af0d031fb4fc04bc05552fbb88b3aeb9f173c82f37b3c61db255fb7900965b62a0f7121874fc342463

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57f29d.TMP

Filesize
1KB

MD5
cf87f6b0b72772f704d65a01a088d126

SHA1
2f117585cdc41f97866c1ba7b0ce1dfcd4d18f10

SHA256
c2b7ddc0d48d7d1f79dd119874c07b090e99c611f2db075dca9e00b55bd8a853

SHA512
d9038ad1c9f4ce5a0fb0a5cdb11ad9153bfd2103d6793d09587c3eeb61faf61107b72d7dfae57551a3dcc5954a2a8c70b1209b38faef663363960a32490a7ac6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
649fcf3a62f36c46d4120f079441d7fa

SHA1
cbe1d9dfcd9a996358c330d4ace3a4a3fc9af900

SHA256
e17bc47ad8282096b38a2d4e2704173d670e22ef2bf01e1ffded85b537ed73d8

SHA512
d32fad9fb98d62a47facd87ced1d3a97dadc0669c87429d942adaeef671603fa3b9061a0245e608ca79a65e3e21568b49a18f5ec168023fd3c949f33af9647bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
96f782ca937223e3d13e3d1db46a7444

SHA1
7e1aec6b0ea8e771bbfd4a47f4851d7a1a442b12

SHA256
b86c2705657ad094871140adeeb2f952c98f791271a16c842cff83f7fb8589d7

SHA512
f715216f9e2dbd8ae7eebd0b20931237af98308f806831d02f6f3f07cd17f6c59949e2a0f940a3017dc66026957917a21a66f2588096fdcaecb97f3937e0c9e6

Download Submit
C:\Users\Admin\AppData\Local\Mozilla\Firefox\Profiles\seoxtri5.default-release\activity-stream.discovery_stream.json.tmp

Filesize
18KB

MD5
3222e2b1a37858d51b7ef29ba99d36bf

SHA1
3e81fe886c7dbbeb4557572e7280f312d7d05522

SHA256
184b5b643071a9244d6e0225fcc8360b05f5e85be3d95820a3a8b413620e24db

SHA512
6031a84f68d546e31614a211fe8d06e3fab5b76c9e33749e972d0b702d6afe7d37aa9e22c35094608e8240135466141bea7bf829e9c19aa141954a1e326be48f

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
177bfe93d33eb1dd94fcc7dfff9f5e72

SHA1
bde3a6bdf5c53242772960b144c2713bd034a544

SHA256
48e06a9237d5edab07aae585e7c76d02147409c58eb9cbf70f5c5c78a43328df

SHA512
0f0806599756fb84843908c145b519d297a66dcf94202fed79375ff6c8d652bb8bee856a84780d450b1611159540be73e6b6fbd3c431ad28cc0030d9cdcf628d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
5KB

MD5
894673d88f64b1c7b69779bedb7770d2

SHA1
9e0b57ef13bffa4f1dd2179d581a0563385a6445

SHA256
dafb143eb60c42e3e61f86165b7a7d24b31ec101b81dedb6618ea8d093187af7

SHA512
1fe8cc8f6d1d02622152dddeaaeb2320558fd559dab2fea47cb9c65980a9176d9cb911a9ccf34cfd4358e1e0a2ed7f8fa4153f9f097e0fbaff870500835ef59d

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\db\data.safe.tmp

Filesize
6KB

MD5
da737a795a879c4e1b1a801018fa81a2

SHA1
ec5e4308c95b110ba70798d61ef1a6c747cd7ec2

SHA256
a63cb51183bc276127a4000290537349904c80de1407354049bbb74aef1ff734

SHA512
3d938e55b5e77e3f99a736ad75607c7db7284f7ddc4d019ec2e8f9d12062b91e51e2b0ca9071e434449cdb58dac31e1423d10e60c105e28c3175cacde5312078

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\00cf294f-098e-4a14-b41d-56de2a17ffaa

Filesize
24KB

MD5
48b6546cc8c28f7408012750a7459080

SHA1
c405d3933c5c9e4b5bfeb3132422b3268677e5b1

SHA256
19676b58a7a547283005ed77f8dccafca6d568c5be019f68e70cd02509da3e22

SHA512
def2bb3328e71d33bb88b647301de46a543eb34b7071480c5834d74a6e3b68a3c1ca78dd9047627f759978648c8601dc12cde0336e8daead0962051d5d8fa594

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\2baac31b-4635-4b1e-b41d-38b23386ae3a

Filesize
671B

MD5
75c2a9ebd2e51f8efe0f25a0a2a563e1

SHA1
0b872b6961607073749bc71b8c4e3fa09f9c8fde

SHA256
278bc5bbbcfef4e366b5e0789ed5c2f7d68e487b27fb3ca1d40a92f429c158ba

SHA512
0a33c5535f6bc3ad6892cabb7ac57733f39c6d87c76e6cb6acd617cf0894b89729ecb698b94e583754c6d059f1c59b205d6bd2599c9ff77f7789aa1371502316

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\datareporting\glean\pending_pings\b8536541-dfff-4cfe-8d3b-bc3bef432d1c

Filesize
982B

MD5
702622934a2d21bd733040631cd1e60a

SHA1
c2749fe642f3c7886978a9ba4eb7685cab003633

SHA256
53919bc60467a13a6f2bcd4f3ef178fef26adc300af788507caff4b17de56e86

SHA512
6f0c61c0e588dd9b4003d52eb2f754fc07861ba1acbbdfc7b52f975a15a86d9c74f9511c533fbe06b725e3159f971dd05431d6d00f3ec03b8a1f43013ce3ecff

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs-1.js

Filesize
11KB

MD5
acab9b98d154fcb44064348b13110b37

SHA1
9f16f20c572d6bf15c94af5899c625123ae7f2b0

SHA256
3f8190ddf22cef28a6548acb4dbe1a2ef2332e49fbddb24b86ff2233a590d1b8

SHA512
26000292bc6387fd177de52b93fe859ac8231e5b67ea0ec9e58dd4ee4192293b691de37a1152e13617972796dc47314b977ee4a7aa3708b0cef7a61b7c0ac79e

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js

Filesize
10KB

MD5
052bdb75aa445d400e6784d91612fafe

SHA1
e5a1815de48753963a89999768d46ccbdc186e6f

SHA256
012c925d5a7a3c7a76fbc7f883f67896e0733041bd5068d03a4d0b50f0783396

SHA512
250a441864e5bf4fac0807d5e073a60a7c81657b41d6337be68943bf1236c9cb8f939748a6e1b8cac28dee7bde7e06f4764214e9326a355018005959b2996f51

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\prefs.js

Filesize
11KB

MD5
c195ca45c008aa594e1cd8f806138885

SHA1
8d31a7380e5776c7ce638d2ff674254f29a92b11

SHA256
c24e2cbeb79888356c68b78aebba9c7538f0de1ef262f32a3f2f4bebcbf8b191

SHA512
e7f2ea80a49aea7365b7f2351f3e82b541382b38e9e572b722b2fce7545ac06fe19d2c7a915136741096962743ec798045ef0aebc94aecdcf00ca98f24537f5b

Download Submit
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\seoxtri5.default-release\sessionCheckpoints.json.tmp

Filesize
288B

MD5
6b77a9f779399e95d1cee931a2c8f8ff

SHA1
826efd4feb0d50fcce5696111af7c811b81adcd9

SHA256
3a0285c8233ef0324b269f7291094e19fd9b77259f9419861ad796f7e9c979f3

SHA512
ef537c75fab8e86483ac03cc0d2feaf41575e35f54b95669a26bf6dfbf58021dc9a5bbe54d9537b55da3fbb0e0262adf6c5efd4394faaec81a31604533afec4f

Download Submit
C:\Users\Admin\Downloads\[email protected]

Filesize
11.2MB

MD5
7657a021233b637c00a8c86cc84707a7

SHA1
a4ecc23f136fb8509058b1ec2136df8e7cfa67e5

SHA256
047ed5f76efc0065a950eb09d6c0ab8fde8f56d7704abfea9364d9f6b679be1d

SHA512
6fea18c5c5f94afe48069c565bf728e135ead716f4f5e8b1314b8a68cac10398b49ee65ef3fb613f90f558d4de1007631f0ac2b53c51ef95946b63640a2255db

Download Submit
C:\Users\Admin\Downloads\[email protected]:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\_U_rUrFb.rar.part

Filesize
11.2MB

MD5
adbdcb584912ddcac82f0282f3aa7318

SHA1
0f4f2b12555a9641c2a8afc865497f9756b18bf9

SHA256
db3553296ff730f813d4e5e950d496155cfa2a88de1d6986c6a3ee5467da8cd3

SHA512
854b8416569485f9c31aaec73c67259dad8e474c0fc5fcc6d667aa7672ac42c3fe8b20da11dacd837a509a02c97a1128e0d0a872629024c4f999fc3a00493033

Download Submit